Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label AT&T. Show all posts
Data Theft
AT&T cloud storage services CyberCrime cybercriminal arrests Data Breach Data Hackers data security Data Theft

Connor Moucka Extradited to U.S. for Snowflake Data Breaches Targeting 165 Companies

 

Connor Moucka, a Canadian citizen accused of orchestrating large-scale data breaches affecting 165 companies using Snowflake’s cloud storage services, has agreed to be extradited to the United States to face multiple federal charges. The breaches, which targeted high-profile companies like AT&T and Ticketmaster, resulted in the exposure of hundreds of millions of sensitive records. 

Moucka, also known by online aliases such as “Waifu,” “Judische,” and “Ellyel8,” was arrested in Kitchener, Ontario, on October 30, 2024, at the request of U.S. authorities. Last Friday, he signed a written agreement before the Superior Court of Justice in Kitchener, consenting to his extradition without the standard 30-day waiting period. The 26-year-old faces 20 charges in the U.S., including conspiracy to commit computer fraud, unauthorized access to protected systems, wire fraud, and aggravated identity theft. Prosecutors allege that Moucka, along with co-conspirator John Binns, extorted over $2.5 million from victims by stealing and threatening to expose their sensitive information. 

The data breaches tied to this cybercrime operation have had widespread consequences. In May 2024, Ticketmaster’s parent company, Live Nation, confirmed that data from 560 million users had been compromised and put up for sale on hacking forums. Other companies affected include Santander Bank, Advance Auto Parts, and AT&T, among others. Moucka and Binns are believed to be linked to “The Com,” a cybercriminal network involved in various illicit activities, including cyber fraud, extortion, and violent crimes. 

Another alleged associate, Cameron Wagenius, a 21-year-old U.S. Army soldier, was arrested in December for attempting to sell stolen classified information to foreign intelligence agencies. Wagenius has since indicated his intent to plead guilty. U.S. prosecutors claim Moucka and his associates launched a series of cyberattacks on Snowflake customers, gaining unauthorized access to corporate environments and exfiltrating confidential data. 
These breaches, described as among the most extensive cyberattacks in recent history, compromised sensitive 
records from numerous enterprises. While the exact date of Moucka’s extradition remains undisclosed, his case underscores the growing threat of cyber extortion and the increasing international cooperation in tackling cybercrime. His legal representatives have not yet issued a statement regarding the extradition or upcoming trial proceedings.
Read more »
Privacy
API AT&T Credentials Google Cloud Privacy

Weak Cloud Credentials Behind Most Cyber Attacks: Google Cloud Report

 



A recent Google Cloud report has found a very troubling trend: nearly half of all cloud-related attacks in late 2024 were caused by weak or missing account credentials. This is seriously endangering businesses and giving attackers easy access to sensitive systems.


What the Report Found

The Threat Horizons Report, which was produced by Google's security experts, looked into cyberattacks on cloud accounts. The study found that the primary method of access was poor credential management, such as weak passwords or lack of multi-factor authentication (MFA). These weak spots comprised nearly 50% of all incidents Google Cloud analyzed.

Another factor was screwed up cloud services, which constituted more than a third of all attacks. The report further noted a frightening trend of attacks on the application programming interfaces (APIs) and even user interfaces, which were around 20% of the incidents. There is a need to point out several areas where cloud security seems to be left wanting.


How Weak Credentials Cause Big Problems

Weak credentials do not just unlock the doors for the attackers; it lets them bring widespread destruction. For instance, in April 2024, over 160 Snowflake accounts were breached due to the poor practices regarding passwords. Some of the high-profile companies impacted included AT&T, Advance Auto Parts, and Pure Storage and involved some massive data leakages.

Attackers are also finding accounts with lots of permissions — overprivileged service accounts. These simply make it even easier for hackers to step further into a network, bringing harm to often multiple systems within an organization's network. Google concluded that more than 60 percent of all later attacker actions, once inside, involve attempts to step laterally within systems.

The report warns that a single stolen password can trigger a chain reaction. Hackers can use it to take control of apps, access critical data, and even bypass security systems like MFA. This allows them to establish trust and carry out more sophisticated attacks, such as tricking employees with fake messages.


How Businesses Can Stay Safe

To prevent such attacks, organizations should focus on proper security practices. Google Cloud suggests using multi-factor authentication, limiting excessive permissions, and fixing misconfigurations in cloud systems. These steps will limit the damage caused by stolen credentials and prevent attackers from digging deeper.

This report is a reminder that weak passwords and poor security habits are not just small mistakes; they can lead to serious consequences for businesses everywhere.


Read more »
Protonmail
AT&T Cloud Services comcast credential harvesting Cyber Crime Protonmail

Cybercriminals Exploit Cloud Services to Steal Login Information

 


You may think you are receiving an email from your trusted ProtonMail account — only to discover it’s a trap set by cybercriminals. Recent research throws light on how attackers are targeting both widely known and lesser-used cloud platforms like AT&T, Comcast Xfinity, and Gravatar to deceive users into handing over their credentials.  

This growing trend is a testament to how cybercriminals evolve to exploit users’ trust in familiar brands and unsuspecting services, creating significant security risks for individuals and businesses alike.  


What Are Cloud Services, and Why Are They Targeted?

To understand these threats, it’s crucial to know what cloud services are. These platforms allow users to access tools and store data online, eliminating the need for physical hardware. Examples include ProtonMail, which provides secure email communication, and Gravatar, a service that manages user avatars across the web.  

Cybercriminals target these services due to their widespread adoption and the trust users place in them. Services like Gravatar, often overlooked in cybersecurity protocols, become particularly attractive to attackers as they can bypass many conventional defenses.  


How Attackers Exploit Cloud Platforms 

While telecom giants like AT&T and Comcast Xfinity are attacked for their reputation and vast user base, platforms like Gravatar are exploited due to their unique features. For instance, Gravatar’s “Profiles as a Service” functionality allows attackers to create convincing fake profiles, tricking users into revealing sensitive information.  

The methods attackers use often depend on two key factors:  

1. Familiarity: Trusted brands like AT&T and Comcast Xfinity are lucrative targets because users inherently trust their platforms.  

2. Low Visibility: Lesser-known platforms, such as Gravatar, often evade suspicion and security monitoring, making them easy prey.  


How Credential Theft Works  

Cybercriminals follow a systematic approach to harvest user credentials:  

1. Deceptive Emails: Victims receive phishing emails that mimic trusted platforms.  

2. Fake Websites: These emails direct users to fraudulent login pages resembling legitimate ones.  

3. Impersonation: Fake profiles and interfaces add credibility to the scam.  

4. Data Theft: Once users input their login details, attackers gain unauthorized access, leading to potential breaches.  


Telecom Companies Under Siege  

Telecommunications companies like AT&T, Comcast Xfinity, and regional Canadian ISPs, including Kojeko and Eastlink, are particularly vulnerable. These companies manage vast amounts of sensitive user data, making them high-value targets. A successful breach could enable hackers to exploit customer data on a massive scale, creating widespread consequences.  


How to Protect Yourself from These Attacks  

To stay secure against credential theft attempts, follow these precautions:  

  1. Verify Websites: Always confirm the authenticity of a URL before entering personal information.  
  2. Scrutinize Emails: Be cautious of unsolicited emails, especially those requesting sensitive data.  
  3. Strengthen Passwords: Use complex, unique passwords for every account.  
  4. Two-Factor Authentication (2FA): This adds an extra security layer, making it harder for attackers to succeed.  
  5. Stay Updated: Regularly educate yourself on emerging cybersecurity threats.  


Conclusion: Awareness is Key to Cybersecurity

Credential theft campaigns have become more intricate in their execution, targeting both renowned and overlooked platforms. By understanding the tactics used by attackers and adopting proactive security measures, individuals and businesses can safeguard themselves from these evolving threats.  

For an in-depth look at this issue and additional insights, refer to the SlashNext report.


Read more »
Salt Typhoon
AT&T Customer Data Cyber Attacks Salt Typhoon

AT&T Confirms Cyberattack Amid Salt Typhoon Hacking Incident

 

AT&T has confirmed being targeted in the Salt Typhoon hacking attack, a cyber operation suspected to involve China. Despite the attack, the telecommunications giant assured customers that its networks remain secure.

In a statement, AT&T revealed that hackers aimed to access information related to foreign intelligence subjects. The company clarified, “We detect no activity by nation-state actors in our networks at this time.” It further added that only a limited number of individuals’ data had been compromised. Affected individuals were promptly notified, and AT&T cooperated with law enforcement to address the breach.

Investigation and Preventive Measures

To prevent future incidents, AT&T is collaborating with government agencies, other telecom companies, and cybersecurity experts. The company has intensified its monitoring efforts and implemented enhanced measures to safeguard customer data.

The Salt Typhoon attack is not an isolated event; it forms part of a broader wave of cyberattacks targeting major telecom companies. Reports suggest that hackers may have accessed systems used by federal agencies to process lawful wiretapping requests. These systems play a critical role in law enforcement operations, making their compromise particularly alarming.

In October, similar breaches were reported by other telecom providers. Verizon Communications disclosed suspicious activity, and T-Mobile revealed it had thwarted an attempted breach before customer data could be accessed.

White House Deputy National Security Advisor Anne Neuberger stated that nine telecom companies had been targeted in the Salt Typhoon attack but refrained from naming all the affected firms.

China, in response, denied any involvement in the attacks, asserting that it opposes state-sponsored cyber activities.

Lessons for Cybersecurity

The Salt Typhoon attack underscores the critical need for robust cybersecurity practices in the telecom industry. AT&T’s prompt response highlights the importance of transparency and collaboration in addressing cyber threats. This incident serves as a reminder for organizations to invest in stronger protective measures, especially as digital systems become increasingly integral to global operations.

While no system is entirely immune to cyber threats, preparedness and swift action can significantly mitigate potential damage.

Read more »
Verizon
AT&T Chinese Hackers Cybbercrime Cyber Attacks Cyberhackers Cyberthreatm Salt Typhoon Hacks FBI Verizon

Salt Typhoon Hack: A Grave Threat to U.S. Telecommunications

 


The Chinese state-sponsored hacking group Salt Typhoon has been implicated in one of the most severe breaches in U.S. telecommunications history. Sensitive information, including call logs, timestamps, phone numbers, and location data, was compromised across the networks of at least eight major telecom carriers, including AT&T and Verizon. Despite the scale of the intrusion, many affected consumers remain uninformed about the breach.

Scope and Impact of the Breach

According to reports, Salt Typhoon’s hacking campaign has targeted high-value intelligence figures, including presidential candidates Donald Trump and Kamala Harris, as well as Senator Chuck Schumer's office. The FBI estimates that millions of users’ metadata, particularly in the Washington, D.C., area, were accessed. Yet, most affected individuals have not been notified, raising serious privacy concerns.

AT&T and Verizon, the most severely impacted companies, have faced backlash for their limited response to the breach. Privacy groups have criticized the telecom giants for failing to comply with the Federal Communications Commission (FCC) mandate requiring companies to inform customers of breaches that could cause significant harm, such as identity theft or financial loss.

Telecom Industry’s Response

While high-value targets were promptly alerted, the majority of users whose data was compromised were not informed. In an interview with NBC, Alan Butler, executive director of the Electronic Privacy Information Center, condemned the carriers’ "deficient practices." He emphasized the need for transparency, urging companies to notify all affected customers, regardless of whether their metadata or the actual content of their communications was accessed.

Charter Communications, a midsize internet service provider, has taken a relatively open approach, acknowledging infiltration by Salt Typhoon. According to Chief Security Officer Jeff Simon, access by the hackers has since been cut off, and no customer information was reportedly accessed. In contrast, other companies like Lumen, another internet service provider, have downplayed or refused to disclose the extent of the breach.

Ongoing Threats and Legislative Action

Cybersecurity experts warn that Salt Typhoon continues to target U.S. telecom networks and IT infrastructure. Government agencies are closely monitoring the situation to mitigate further risks. Lawmakers are now considering stricter cybersecurity regulations to compel telecom companies to adopt robust practices and provide detailed breach notifications to consumers.

However, some companies targeted by Salt Typhoon claim the hackers did not gain substantial information. For example, Lumen stated that federal partners found no evidence of ongoing activity in its networks.

Consumer Awareness and Future Outlook

While telecom companies have yet to adequately address these breaches, consumers must stay informed about security risks by following news updates on data breaches. Public pressure is likely to drive industry-wide changes, prompting carriers like AT&T and Verizon to adopt comprehensive notification systems for all affected users.

The Salt Typhoon breach serves as a wake-up call for the telecommunications industry to prioritize data security. Enhanced transparency, stricter cybersecurity regulations, and informed decision-making will be crucial to safeguarding sensitive information in an increasingly digital world.

Read more »
Wireless Provider
AT&T Cyber Outage Cyber Security United States Wireless Provider

AT&T Claims It Has Fixed Software Bug That Caused An Outage For Some Wireless Users

 

Some AT&T customers experienced a disruption in their wireless service earlier this week, which made it difficult for them to call 911 in an emergency. 

It was rectified in a few hours, with the company blaming a software fault, but it's only one of many issues the wireless provider has experienced in recent months, including outages and data breaches that have disrupted operations and left users in the dark.

Earlier this year in February, its network went down for 11 hours, preventing several of its clients in the United States from making calls, texting, or using the internet. AT&T stated that an initial investigation of the outage revealed that it might have been caused by an internal error rather than a cyberattack. 

A few weeks later, in March, a data dump containing private information for 73 million current and past customers was exposed onto the "dark web," raising security concerns. According to the company, the data was from 2019 or earlier and did not appear to include financial information or call history specifics. 

"It is unclear whether the data originated from AT&T or one of its vendors," the company stated at the time. Then, in June, another AT&T outage prevented some consumers from making phone calls between carriers. The issue was resolved within a few hours, but the firm did not disclose what triggered it.

Notably, this week's outage occurred just hours after the Federal Communications Commission announced a $950,000 settlement with AT&T to resolve an investigation into whether the company violated FCC rules by failing to deliver 911 calls and promptly notifying 911 call centres during a previous outage in August 2023. 

AT&T’s overflow 

Why does this keep occurring to AT&T? CNN spoke with a telecommunications expert who believes there are three main factors at play: software updates gone awry, numerous technological challenges, and congested networks in big cities. 

An outage map from Tuesday shows interruptions in New York, Charlotte, North Carolina, Houston, and Chicago. Alex Besen, founder and CEO of Besen Group, which analyses mobile phone carriers, believes it was a network overload issue. 

“To avoid any future outages, AT&T needs to increase the number of cell towers, implement advanced load-balancing techniques, use network optimization tools to manage traffic more effectively and prioritize services that can reduce congestion,” Besen stated.
Read more »
security measures
Account security AT&T Customer Data Cybersecurity measures Data Breach data security Data Theft security measures

AT&T Data Breach: Essential Steps for Victims to Protect Themselves

 

Telecom giant AT&T recently disclosed a massive data breach affecting nearly all of its approximately 110 million customers. If you were a customer between May 2022 and January 2023, there is a high chance your data, including call and text message records, was accessed through an illegal download from a third-party cloud platform. Customers should watch for contact from AT&T or check their accounts for notifications. First, change your password. 

Since your password is likely compromised, update it on both your AT&T account and any other accounts where it was used. While it’s inconvenient, using different passwords for each service is essential. Numerous tools can create secure, randomly generated passwords, and password managers can help you remember them. Also, activate two-factor authentication on your account and any other accounts using the same password. Combining two login methods enhances security. Given the nature of this leak, consider changing your cell phone number as well. Prepare for an increase in spam calls, but the bigger concern is potential scammers.

Be extra cautious about giving out personal details such as banking information or your address over the phone, as these could be cleverly disguised phishing schemes. Stay vigilant online, as even anonymous phone number information can be pieced together by scammers to identify individuals. Treat every email from unfamiliar addresses as suspicious. Additionally, inform your bank about the breach. They can monitor for any suspicious transactions and introduce new security measures to ensure you are contacting your bank, not an imposter.  

Lastly, protect yourself further by using one of the best VPNs to secure your online data. VPNs not only spoof your IP address location but also securely encrypt your data. There are even free VPN plans like ProtonVPN. Many VPNs also include antivirus elements. For instance, NordVPN has its Threat Protection Pro system, which is effective against phishing. A Surfshark One subscription includes dedicated antivirus software and an Alternative ID feature, which allows you to sign up for services online with randomly generated details, including a decoy phone number. With an Alternative ID, you can create accounts for less trustworthy services (or those frequently attacked, like AT&T) with peace of mind. 

This way, you can minimize spam and rest assured that if your details get leaked, you haven’t actually been compromised. Hackers will have nothing to piece together; you can simply disconnect that ID, generate another random identity, and move on securely.
Read more »
Social Security Number
AT&T Data Breach Data Hacking Mobile Numbers ShinyHunters Social Security Number

AT&T Denies Involvement in Massive Data Leak Impacting 71 Million People

 


AT&T has categorically denied any involvement in a significant data breach affecting approximately 71 million individuals. The leaked data, disseminated by a hacker on a cybercrime forum, allegedly originates from a 2021 breach of the company's systems. Despite assertions made by the hacker, known as ShinyHunters, and subsequent releases by another threat actor named MajorNelson, AT&T maintains its position, asserting that the leaked information did not originate from its infrastructure.

While the authenticity of the entire dataset remains unconfirmed, the verification of some entries suggests potential accuracy. This includes personal data that is not readily accessible for scraping, such as names, addresses, mobile phone numbers, encrypted dates of birth, encrypted social security numbers, and other internal details.

Despite refuting claims of a breach within its systems, AT&T has not provided definitive evidence to support its stance. Speculation persists regarding the involvement of third-party service providers or vendors, with AT&T yet to respond to inquiries seeking clarification on this matter.

While the leaked data purportedly includes sensitive personal information, such as social security numbers and dates of birth, decryption efforts by threat actors have rendered this data accessible. However, the precise origin of the leaked information remains elusive, fueling speculation and concern among affected individuals and cybersecurity experts alike.

For individuals who were AT&T customers before and during 2021, caution is advised, as the leaked data could potentially be exploited in various forms of targeted attacks, including SMS and email phishing, as well as SIM swapping schemes. Users are urged to exercise heightened caution and verify the authenticity of any communications purportedly from AT&T, refraining from disclosing sensitive information without direct confirmation from the company.

As investigations into the origins of the leaked data continue, the implications for affected individuals underscore the importance of robust cybersecurity measures and heightened awareness of potential threats. The incident serves as a telling marker of the ever-present risks associated with the digital realm and the imperative for proactive measures to safeguard personal information.

While AT&T denies any involvement in the data leak, concerns regarding the security and privacy of affected individuals persist. The unprecedented nature of cyber threats necessitates ongoing vigilance and collaborative efforts to combat risks and ensure the protection of personal data in an increasingly interconnected world.


Read more »
Verizon
911 service AT&T Consumer Cellular customer complaints Cyber Security Downdetector FBI mobile phone Outage service interruptions T-Mobile USCellular Verizon

Cell Service Restored Following Extensive AT&T Outage

 

AT&T has resolved issues affecting its mobile phone customers following widespread outages on Thursday, according to a company announcement.Throughout the day, tens of thousands of cell phone users across the United States reported disruptions.

Reports on Downdetector.com, a platform monitoring outages, indicated instances of no service or signal after 04:00 EST (09:00 GMT).

AT&T issued an apology to its customers and confirmed that services were fully operational again by early afternoon. The company stated its commitment to taking preventive measures to avoid similar incidents in the future. The cause of the outage is currently being investigated.

Verizon and T-Mobile informed the BBC that their networks were functioning normally. However, they acknowledged that some customers may have experienced service issues while attempting to communicate with users on different networks.

According to Downdetector, AT&T received over 74,000 customer complaints, with significant clusters in southern and eastern regions of the country.

Smaller carriers like Cricket Wireless, UScellular, and Consumer Cellular also reported interruptions in service. Complaints ranged from difficulties with calls, texts, to internet access, with many users reporting no service or signal.

Downdetector's data showed that major cities including Los Angeles, Chicago, Houston, and Atlanta experienced high numbers of outages.

Some individuals also faced challenges with 911 services, prompting officials to advise the use of landlines, social media, or cell phones from alternative carriers in emergencies.

The widespread outage has garnered the attention of the US government, with the FBI and Department of Homeland Security launching investigations, as confirmed by John Kirby, spokesperson for the US National Security Council.

Eric Goldstein, executive assistant director for cybersecurity at the US Cybersecurity and Infrastructure Security Agency, stated that they are collaborating with AT&T to understand the root cause of the outage and are ready to provide assistance as necessary.

Although a confidential memo reported by ABC News suggested no signs of malicious activity, CISA officials are actively investigating the incident.
Read more »
online currency
AT&T cryptocurrency cyber attack Cyber Attacks online currency

Hackers are Breaking Into AT&T to Steal Cryptocurrency

In recent news, individuals with AT&T email addresses are being targeted by unknown hackers who are using their access to break into victims' cryptocurrency exchange accounts and steal their digital assets. Cryptocurrency exchanges are online platforms that allow users to buy, sell, and trade digital currencies like Bitcoin and Ethereum. 

To use a cryptocurrency exchange, users need to create an account and provide personal information for identity verification. They can then deposit traditional currencies and use them to purchase digital currencies. 

According to an anonymous source, cybercriminals have discovered a way to gain unauthorized access to the email accounts of AT&T users, including those with email domains such as att.net, sbcglobal.net, and bellsouth.net. 

These hackers exploit a section of AT&T's internal network to create mail keys for any user. Mail keys are unique credentials that allow AT&T email users to access their accounts via email applications like Thunderbird or Outlook without using their passwords.

Once the hackers obtain a target's mail key, they use an email app to access the victim's account and reset passwords for more valuable services like cryptocurrency exchanges. This leaves the victim vulnerable, as the hackers can easily reset passwords for Coinbase or Gemini accounts via email, transferring the victim's digital assets to their own accounts and leaving the victim with nothing. 

One of the victims reported that “it is Very frustrating because it is obvious that the ‘hackers’ have direct access to the database or files containing these customer Outlook keys, and the hackers don’t need to know the user’s AT&T website login to access and change these outlook login keys”. 

AT&T spokesperson Jim Kimberly acknowledged the unauthorized creation of secure mail keys that allow access to email accounts without passwords. The company has since updated its security controls and proactively required a password reset on some email accounts. 

“We identified the unauthorized creation of secure mail keys, which can be used in some cases to access an email account without needing a password. We have updated our security controls to prevent this activity. As a precaution, we also proactively required a password reset on some email accounts,” he added. 

However, Kimberly further said that the hackers had no access to the internal systems of the company. “There was no intrusion into any system for this exploit. The bad actors used an API access.”
Read more »
Vulnerabilities
AT&T CPNI Cyberattack CyberCrime Data Breach Federal Communications Commission Vulnerabilities

AT&T Alerts Millions About Data Breach That Exposed Sensitive Information

 


An internal supply chain cyber-incident that occurred in AT&T's supply chain revealed some sensitive information belonging to tens of millions of the company's customers, exposing them to some serious vulnerabilities in their systems. 

A hacking incident did occur in January 2023 against AT&T's marketing vendor, resulting in a data breach of AT&T's system.  

Approximately 9 million clients of the company have been given a precautionary warning after unauthorized access to their personal information was discovered.  

According to the company, in addition to the first names of buyers, the company also uncovered wireless account numbers and smartphone numbers, as well as e-mail addresses. 

There have been specific instances where a small number of impacted clients have had their prices, late fees, monthly fee amounts, fluctuating monthly expenses, and/or minutes used exposed. These have been the name of the price plan, late amount, or late charges. Moreover, AT&T acknowledged that the data was a few years old and was not updated regularly. 

The representative of the company confirmed that the supply chain was at risk and that its methods would not be compromised. Additionally, the company mentioned that the collected information is frequently linked to eligibility for improvements to devices. Although there is no way to prevent it, the company notified the police immediately about the incident that happened. 

AT&T, in a report published on Wednesday, said that there was no information in the breach that involved payment details, account passwords, Social Security numbers, or any other information relating to an individual. Instead, the cyberattack allowed unauthorized access to information used to determine eligibility it said, characterizing the data as years old.  

The mobile carrier notified affected customers, it said. According to a notification posted on the AT&T Community forum.   The company informed its customers that they had notified federal law enforcement about unauthorized access to their CPNI as required by the Federal Communications Commission. 

The company's report to law enforcement does not contain specific information about their account, only that unauthorized access occurred.
Read more »
User Security
AT&T Data Breach Data Leak Shiny Hunters User Data User Privacy User Security

Database of 70 Million AT&T Users Being Sold on a Hacker Forum

 

The same threat actor is selling 70 million AT&T customers' records just days after the T-Mobile data leak. The data leak claim was refuted by the mobile service provider, who stated that the data did not emanate from any of their systems. ShinyHunters, the same threat actors that just days ago sold T-Mobile subscribers' data, is now selling 70 million records reportedly belonging to another mobile service provider – AT&T. AT&T consumers' full names, social security numbers, email addresses, and dates of birth are among the data for sale. 

ShinyHunters is a well-known organisation that has been linked to a number of high-profile data breaches. Mashable, 123RF, Minted, Couchsurfing, Animal Jam, and other companies have been targeted, according to HackRead. 

The revelation was first reported by Restore Privacy. According to them, the hacker is seeking $1 million for the full database (direct sell) and has given them exclusive information for this report.

"In the original post that we discovered on a hacker forum, the user posted a small sample of the data. We examined the sample and it appears to be authentic based on available public records. Additionally, the user who posted it has a history of major data breaches and exploits," said Restore Privacy. "While we cannot yet confirm the data is from AT&T customers, everything we examined appears to be valid." 

AT&T denied that the data had been leaked, claiming that it was either forged or obtained through other sources. “Based on our investigation today, information that appeared in an internet chat room does not appear to have come from our systems,” MarketWatch quoted the cell phone carrier. 

 AT&T has previously experienced a data breach. For an insider breach in 2015, the company agreed to pay a $25 million fine. In fact, a threat actor was looking to hire a T-Mobile and/or AT&T employee in May, presumably to assist them in staging an insider attack on their employer. 

T-Mobile was notified late last week about accusations in an online forum that a threat actor had compromised T-Mobile systems. The company announced that it had discovered and shut down the access point that might have been utilised to obtain unauthorised access to the company's servers.
Read more »
malware
AT&T Cyber Crime Ezuri Linux malware

Ezuri Crypter Being Used to Evade Antivirus Detection

 

As per a report delivered by AT&T Alien Labs, various cyber criminals are utilizing Ezuri crypter to pack their malware and dodge antivirus detection. Although Windows malware has been known to deploy similar tactics, cybercriminals are currently utilizing Ezuri for penetrating Linux systems too. Written in Golang, Ezuri acts both as a crypter and loader for ELF (Linux) binaries. Utilizing AES, it encrypts the malware code and, on decoding, executes the noxious payload directly inside memory without producing any records on the disk. 

Systems engineer and Ezuri's maker, Guilherme Thomazi Bonicontro ('guitmz'), had open-sourced the ELF loader on GitHub in 2019 and debuted the tool in his blog entry. In an email interview with, Bonicontro otherwise known as TMZ shared that he is a malware researcher and makes research apparatuses for spreading awareness and aiding defenders. 

“I'm an independent malware researcher, I do this as one of my leisure activities. The objective of my work is just to learn and bring awareness on assorted PoC assault and defense techniques, yet never bring on any harm. As a general guideline, I generally share samples of my ventures with antivirus organizations and I never discharge code with ruinous payload or anything with refined replication capabilities. I believe knowledge ought to be available to everybody and every individual ought to be answerable for their own activities to rest soundly at night,” said Bonicontro. 

Researchers Ofer Caspi and Fernando Martinez of AT&T Alien Labs noted in the wake of decrypting the AES-encrypted payload, Ezuri quickly passes the subsequent code to the runFromMemory work as a contention without dropping malware files anyplace on the tainted system. During the last few months, Caspi and Martinez distinguished a few malware creators that pack their samples with Ezuri. These incorporate the cybercrime group, TeamTnT, active since at least April 2020. 

TeamTnT is known to assault misconfigured Docker instances and exposed APIs to transform weak systems into DDoS bots and crypto miners. Later variations of TeamTnT's malware, for example, "Black-T" that install network scanners on tainted systems and extract AWS credentials from memory were likewise discovered to be bound with Ezuri. As indicated by the AT&T researchers, "the last Black-T sample distinguished by Palo Alto Networks Unit42 is really an Ezuri loader." The researchers additionally saw the presence of the 'ezuri' string in numerous Ezuri-packed binaries. 

Malware samples which were commonly distinguished by about 50% of antivirus engines on VirusTotal, yielded 0 detections when encoded with Ezuri, at the time of AT&T's research. Even today, the Ezuri-stuffed sample has less than a 5% detection rate on VirusTotal.
Read more »
Subscribe to: Posts (Atom)