Showing posts with label Telecom Firm.

Hacker Claims to Publish Nokia Source Code

 

The Finnish telecoms equipment firm Nokia is looking into the suspected release of source code material on a criminal hacking site.

An attacker going by the handle "IntelBroker," who is also the proprietor of the current iteration of BreachForums, revealed on Thursday what he said was a cache of "Nokia-related source code" stolen from a third-party breach. The data consists of two folders: "nokia_admin1" and "nokia_etl_summary-data."

IntelBroker initially stated in a BreachForums post last week that he was selling the code, characterising it as a collection of "SSH keys, source code, RSA keys, Bitbucket logins, SMTP accounts, Webhooks, and hardcoded credentials."

A Nokia spokesperson stated that the company is "aware of reports that an unauthorised actor has alleged to have gained access to certain third-party contractor data, and possibly Nokia data. We will continue to constantly watch the situation." Last week on Tuesday, the hacker told Hackread that the data would cost $20,000.

IntelBroker told Bleeping Computer that the data came from Nokia's third-party service provider SonarQube. The hacker claimed to have gained access using a default password. SonarQube did not immediately reply to a request for comment.

In 2023, IntelBroker published online data stolen from a health insurance marketplace used by members of Congress, their families, and staffers. Earlier this year, he sparked a probe at the Department of State by uploading online papers purportedly stolen from government contractor Acuity. 

Third-party breaches at major firms are becoming more regular as companies improve their own cyber defences. Earlier this year, a slew of well-known brands, including AT&T, Ticketmaster, Santander Bank, automotive parts supplier Advance Auto Parts, and luxury retailer Neiman Marcus, were hit with breaches caused by a series of attacks on their accounts at cloud-based data warehousing platform Snowflake.

BT Uncovers 2,000 Potential Cyberattack Signals Every Second

 

BT logs 2,000 potential cyber attack signals per second, according to the latest data from the telecom behemoth, as it warns of the rising threat from cyber criminals.

The telecom firm stated it found that web-connected devices were each being scanned more than 1,000 times a day by known malicious sources, as attackers scan for vulnerabilities in online systems. While some scans are legitimate security monitoring, BT stated that 78% were not harmless.

BT said its most recent data on the issue revealed a 1,234% rise in new malicious scanners across its networks over the last year, and cautioned that the increase could be attributed to more malicious actors using AI-powered, automated bots to scan for vulnerabilities in security systems in order to avoid tools designed to detect suspicious activity.

The UK's National Cyber Security Centre (NCSC) has previously cautioned that AI technologies were upskilling malicious actors and lowering the barrier to entry for launching cyber attacks.

According to BT's research, the IT, defence, and financial services sectors were the most targeted for cyber assaults, but other sectors, such as retail, education, and hospitality, were being increasingly targeted since they are seen to have a lower security focus. The data was made public during BT's Secure Tomorrow cybersecurity festival at the company's Adastral Park research facility in Suffolk. 

“Today, every business is a digital business, and our data shows that every 90 seconds hackers are checking connected devices to find a way in – like opportunistic burglars looking for an open window,” Tris Morgan, managing director for security at BT, stated. 

“Tools like AI provide new routes of attack, but they can also be the first line of defence. At BT, we’re constantly evolving our network security to stay one step ahead and protect more than a million businesses, day in, day out.”

The cybersecurity warning comes after the government announced that all UK data centres will be designated as Critical National Infrastructure (CNI), putting them on an equal footing with energy, water, and emergency services infrastructure, and will now receive more government support and protection from cyber attacks, IT blackouts, and environmental disasters.

Indian Govt Confirms BSNL User Data Breach

 

On Wednesday, July 24, Union Minister of State for Communications Chandra Shekar Pemmasani revealed the breach at state-owned telecom operator Bharat Sanchar Nigam Limited (BSNL) in the Lok Sabha. The breach occurred on May 20, the Minister stated in a written response to a question raised by Congress MP Amar Singh.

The Minister stated that the Indian Computer Emergency Response Team (CERT-In), the primary organisation for dealing with cyber security incidents, discovered that one of BSNL's File Transfer Protocol (FTP) servers contained data comparable to the compromised data sample discovered during CERT-In's investigation.

“No breach in Home Location Register (HLR) of Telecom Network has been reported by the Equipment Manufacturer, therefore no service outage in BSNL’s Network,” claimed Pemmasani.

The central government has formed an Inter-Ministerial Committee (IMC) to investigate telecom networks and recommend remedial actions to prevent future data breaches, the Minister revealed. According to reports, the breach came to light after a user dubbed "kiberphant0m" posted on BreachForums, a website infamous for selling hacked data, claiming to have stolen nearly 278 terabytes of data from BSNL.

The compromised data allegedly included IMSI (International Mobile Subscriber Identity) numbers, SIM details, data from the HLR (Home Location Register, a database of all active mobile network users), DP card data, and DP Security Key data, which supports BSNL's security mechanisms. The user planned to sell the data for $5,000.

To safeguard against future cyber attacks, BSNL has updated the access passwords for all similar FTP servers and instructed that endpoints (network-connected devices) maintain air gaps, which is a computer security measure that ensures a secure computer network is physically isolated from open networks for further safety.

Indian Govt Targets Cyber Criminals: DoT To Deactivate 1.8 Million SIMs

 

According to a recent media report citing 'officials' as sources, telecom operators are planning to disconnect approximately 1.8 million mobile connections at once as part of the government's first all-India operation to combat cybercrime and online fraud. 

This development comes after a thorough investigation conducted by multiple law enforcement authorities to trace the usage of mobile networks for cybercrime and financial theft.

"During investigations, it was detected that in many instances, a single handset was used with thousands of mobile connections," an official privy to the details told the local media outlet. 

On May 9, the Department of Transportation directed telcos to deactivate 28,220 mobile devices and re-verify nearly two million mobile connections that had been misused with these handsets. 

Officials stated that in such cases, just 10% of the connections are verified, with the remainder failing re-verification and being disconnected. They also stated that the disconnection will take place once the telcos complete the re-verification in 15 days. The action comes amid a consistent increase in the number of mobile phone-related cybercrimes in the country.

The National Cybercrime Reporting Portal (NCRP) said that digital financial theft victims lost Rs 10,319 crore in 2023. The Parliamentary Standing Committee on Finance said that over 694,000 complaints were received in 2023. 

Officials stated that fraudsters generally employ SIM cards from other telecom circles and frequently change the combination of SIM and handset to avoid detection by law enforcement and carriers.

"For instance, an Odisha or Assam circle SIM could be used in Delhi NCR," a second official noted. "To avoid the radar, fraudsters make only a few outgoing calls and then change the SIM as too many outgoing calls from the same number would get detected by telco systems."

According to an earlier investigation, telcos disconnected almost two lakh SIM cards last year for alleged involvement in cybercrimes. In another case, the authorities investigated places such as Mewat in Haryana, and more than 37,000 SIM cards were disconnected. 

Coordinated Action: To combat cybercrime, the government believes that telecoms should improve their detection of SIM usage patterns, particularly for SIMs purchased outside of home circles. "As part of their roaming detection system, telcos can instantly capture when a person moves out to a different circle," added the second official.
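The usage pattern the officials describe (one handset paired with many SIMs, and out-of-circle SIMs that make only a few outgoing calls before being swapped) can be written as a simple detection rule. The following is an added example, not code from any telco or from the report; the record fields, the thresholds and the sample rows are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample usage records (not real data): one row per SIM/handset
# pairing seen by the network. Field names are assumptions for this example.
RECORDS = [
    # (imei, imsi, home_circle, serving_circle, outgoing_calls)
    ("IMEI-A", "IMSI-001", "Odisha", "Delhi", 3),
    ("IMEI-A", "IMSI-002", "Assam", "Delhi", 2),
    ("IMEI-A", "IMSI-003", "Odisha", "Delhi", 4),
    ("IMEI-A", "IMSI-004", "Delhi", "Delhi", 1),
    ("IMEI-B", "IMSI-100", "Delhi", "Delhi", 220),
    ("IMEI-C", "IMSI-200", "Delhi", "Delhi", 95),
    ("IMEI-C", "IMSI-201", "Assam", "Delhi", 60),
]


def flag_handsets(records, sim_threshold=3, max_calls=5):
    """Return handsets paired with many SIMs, with supporting evidence.

    A handset is flagged when it was used with at least `sim_threshold`
    distinct SIMs. For each flagged handset the result also lists the SIMs
    that were active outside their home circle and made at most `max_calls`
    outgoing calls in total, i.e. the low-volume rotation pattern.
    Both thresholds are illustrative, not operator values.
    """
    sims = defaultdict(dict)  # imei -> imsi -> per-SIM summary
    for imei, imsi, home, serving, calls in records:
        entry = sims[imei].setdefault(imsi, {"roamed": False, "calls": 0})
        entry["roamed"] = entry["roamed"] or serving != home
        entry["calls"] += calls

    findings = []
    for imei, by_imsi in sorted(sims.items()):
        if len(by_imsi) < sim_threshold:
            continue  # ordinary single- or dual-SIM handset
        rotated = sorted(
            imsi for imsi, e in by_imsi.items()
            if e["roamed"] and e["calls"] <= max_calls
        )
        findings.append({
            "imei": imei,
            "sim_count": len(by_imsi),
            "rotated_out_of_circle": rotated,
        })
    return findings


if __name__ == "__main__":
    for finding in flag_handsets(RECORDS):
        print(finding)
```

Counting SIMs per handset catches the rotation even though each individual SIM stays below a per-number call-volume alarm.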

ToddyCat APT Is Siphoning Data on 'Industrial Scale'

 

ToddyCat, an advanced persistent threat (APT) gang that targets the government and defence industries, has been seen collecting stolen data "on an industrial scale" from victim organisations in Asia-Pacific. 

Kaspersky researchers first disclosed details regarding the elusive gang's actions in 2022, despite the fact that it has been functioning since December 2020. ToddyCat is believed to be a Chinese-speaking gang, though its origins and ties are unknown.

Initially, the threat group targeted only certain organisations in Taiwan and Vietnam. When the ProxyLogon vulnerabilities in Microsoft Exchange Server were discovered in early 2021, it broadened the scope of its operations, now targeting multiple European and Asian organisations. 

ToddyCat upgraded its tools and strategies in 2023, and launched a long-running attack against government entities and telecom providers in multiple Asian countries. 

In Kaspersky's most recent review of the group, published last week, researchers Andrey Gunkin, Alexander Fedotov, and Natalya Shornikova explained the techniques the gang had lately been seen employing to exfiltrate massive volumes of data. 

“During the observation period, we noted that this group stole data on an industrial scale,” researchers explained. “To collect large volumes of data from many hosts, attackers need to automate the data harvesting process as much as possible, and provide several alternative means to continuously access and monitor systems they attack.”

One hallmark of the group's attacks was its predilection for creating many tunnels with various tools to gain access to the infrastructure of the organisations it targeted. This allowed the gang to continue using the compromised systems even after one of the tunnels was identified and eliminated, according to the experts.

ToddyCat used reverse SSH tunnels to get access to remote network services. The gang also employed SoftEther VPN, an open-source tool that allows for the establishment of VPN connections using a variety of popular protocols.

“In virtually every case we observed, the attackers renamed vpnserver_x64.exe to hide its purpose in the infected system,” the researchers added. “To transfer the tools to victim hosts, the attackers used their standard technique of copying files through shared resources, and downloaded files from remote resources using the curl utility.” 

To protect against the gang, the researchers advised defenders to add the resources and IP addresses of cloud providers that allow traffic tunnelling to their firewall deny lists. The researchers also recommended limiting the tools administrators can use to remotely access hosts.

Canadian Telecom Provider Telus is Reportedly Breached

 

One of Canada's biggest telecommunications companies, Telus, is allegedly investigating a system breach believed to be fairly severe after malicious actors exposed samples of what they claimed to be private corporate information online.

As per sources, the malicious actors posted on BreachForums with the intention of selling an email database that claimed to include the email addresses of every Telus employee. The database has a $7,000 price tag. For $6,000, one could access another database purported to provide payroll details for the telecom company's top executives, including the president.

A data bundle with more than 1,000 private GitHub repositories allegedly belonging to Telus was also offered for sale by the threat actor for $50,000. A SIM-swapping API was reportedly included in the source code that was for sale. SIM-swapping is the practice of hijacking another person's phone by switching the number to one's own SIM card.

Although the malicious actors have described this as a complete breach and have threatened to sell everything connected to Telus, it is still too early to say whether an event actually happened at TELUS or whether a breach at a third-party vendor actually occurred.

A TELUS representative told BleepingComputer that the company is looking into accusations that some information about selected TELUS team members and internal source code has leaked on the dark web.

The Telus breach would be the latest in a series of recent attacks on telecom companies if it occurred as the malicious actors claimed. Three of the biggest telecommunications companies in Australia, Optus, Telstra, and Dialog, have all been infiltrated by attackers since the beginning of the year.

Customer data was used in a cyberattack that affected the Medisys Health Group business of Telus in 2020. The company claimed at the time that it paid for the data and then securely retrieved it. Although TELUS is still keeping an eye on the potential incident, it has not yet discovered any proof that corporate or retail customer data has been stolen.



South Korean Telecom Operator Crippled by DDoS Attack

 

South Korean telecommunications operator KT suffered a nationwide network outage earlier this week, affecting its telephone and wireless services including phone calls, internet, and other services.

The suspected distributed denial-of-service (DDoS) attack crippled the network for almost an hour. Customers using the telco's network were unable to access the internet for around 40 minutes at around 11am on Monday. Since then, general access to the Internet has been restored for KT users in most parts of the country. 

To investigate the matter, a team of security experts from the Seoul cyber department was dispatched to KT's headquarters in Seongnam, Gyeonggi Province, just south of Seoul. Later in the day, KT restated that the outage appeared to have been caused by large-scale DDoS attacks. The firm said it is still looking for the culprits behind the DDoS and will continue to analyze the extent of the damage. 

“The telco's network was shut down due to a large-scale DDoS attack. During the outage, the company's crisis management team was working to quickly restore the network back to normal. KT is yet to figure out the extent of the damage or who was behind the DDoS attack,” a KT spokesperson stated.

The Ministry of Science and ICT said they are keeping a close eye on the matter in collaboration with KT. However, the ministry did not confirm that the network failure was caused by a DDoS attack, but it said the other major telcos SK Telecom and LG Uplus were not affected.

Despite not being victims of the DDoS attack, users of the services of SK Telecom and LG Uplus raised complaints on social media regarding the telcos' network outages. Spokespersons for these telcos said the network outages were due to a sudden surge in traffic from KT users switching their services due to KT’s internet outage. Both SK Telecom and LG Uplus representatives said they would be monitoring the situation closely.

According to the Science and ICT Ministry data, around 16.3 million people are dependent on KT for internet service as of March 2021. The last time KT suffered a network outage was in 2018 when a fire broke out at its Ahyeon branch in central Seoul. The fire caused internet and phone service disruptions in nearby areas, including the Seoul districts of Jung-gu, Yongsan-gu, and Seodaemun-gu.

Global Telecom Firm Syniverse Secretly Reveals 5-Year Data Breach

 

Telecom giant Syniverse secretly revealed to the Securities and Exchange Commission last week that attackers have been inside its systems over the past five years, impacting hundreds of business clients and potentially millions of users globally. 

Syniverse handles nearly 740 billion text messages every year, and some of its customers include major firms such as Airtel, China Mobile, AT&T, Verizon, Vodafone, and T-Mobile. 

“The world’s largest companies and nearly all mobile carriers rely on Syniverse’s global network to seamlessly bridge mobile ecosystems and securely transmit data, enabling billions of transactions, conversations, and connections [daily],” Syniverse wrote in a recent press release.

Syniverse disclosed in a filing on September 27 with the U.S. Securities and Exchange Commission that hackers had access to its data for years. The private records of more than 200 customers were compromised due to a security flaw that impacted its database.

Following the discovery, the telecom giant started an internal investigation in order to determine the scope of the attack. The investigation revealed that unauthorized access to the company’s system had been ongoing since May 2016; the breach went undetected until May 2021.

“The results of the investigation revealed that the unauthorized access began in May 2016. Syniverse’s investigation revealed that the individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (“EDT”) environment was compromised for approximately 235 of its customers,” the company stated in its SEC filing.

According to a source who works at Syniverse, the attackers could have gained access to call records and message data, such as call length and cost, caller and receiver’s numbers, the location of the calling parties, the content of SMS text messages, and more. 

“Syniverse is a common exchange hub for carriers around the world passing billing info back and forth to each other. So, it inevitably carries sensitive info like call records, data usage records, text messages, etc. […] The thing is—I don’t know exactly what was being exchanged in that environment. One would have to imagine though it easily could be customer records and [personal identifying information] given that Syniverse exchanges call records and other billing details between carriers,” an industry insider told Motherboard.