
US Exposes Major Chinese Cyber-Espionage Targeting Telecom Networks

The United States has accused China of conducting a vast cyber espionage operation that targeted multiple telecommunications networks. The hackers allegedly stole sensitive data and intercepted communications relating to a few government and political leaders. The incident raises national security concerns, and officials are sounding the alarm.

US officials said that Chinese state-sponsored hackers broke into the systems of several telecom companies, seeking to siphon off customer call records and gain unauthorised access to communication data. In some cases, analysts said, the attackers allegedly copied information that US law enforcement had sought through court-approved procedures. That is a disturbing breach of sensitive data.

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are investigating the incident full time and assisting the targeted companies. Officials said they are only gradually learning the extent of what happened, but preliminary reports indicate a sophisticated attack that probably reached virtually every part of the country.

Key Targets and Methods


Unnamed sources suggest that major telecom providers, including AT&T and Verizon, were among those breached. Hackers allegedly found a way into systems used for court-authorised wiretaps, bypassing security measures. Microsoft identified the group responsible as “Salt Typhoon,” a hacking collective linked to the Chinese state.


According to reports, the group had gone undetected for months before exploiting vulnerabilities to gain access to sensitive communication networks. The list of allegedly targeted high-profile figures includes former President Donald Trump, members of his family, and Vice President Kamala Harris' campaign staff.


Impact Beyond Large Companies

The attack was not limited to big corporations. Regional internet service providers were also targeted, showing how broadly the hackers cast their net. Experts believe the attackers abused the wiretap systems to monitor specific phone numbers, which may have given them audio data through such breaches.

Wider Issues and Follow-Up Investigations

US authorities have already informed dozens of affected organisations. Classified briefings have recently been held to inform lawmakers of the serious implications. Senator Ron Wyden, who attended one of the briefings, described the breach as deeply concerning because of its implications across various sectors.

While the probe is still ongoing, more effort has been committed to discovering the scope of the operation. According to a State Department official, the attack exposed vulnerabilities in telecom systems that were believed to be secure, making the need for upgraded cyber defence mechanisms urgent.

This incident typifies the evolving threat that state-sponsored cyberattacks pose to the safeguarding of critical infrastructure. As the investigation continues, the US intends to strengthen its defence mechanisms and systems so that it is better prepared for such breaches in the future.

FCC Wants Telecom Companies to Notify Data Breaches More Quickly

The Federal Communications Commission of the United States intends to strengthen notification of federal law enforcement and modernise breach notification requirements for telecommunications firms so that customers are told of security breaches as soon as possible.

The FCC's proposals (first made public in January 2022) call for eliminating the current requirement that telecoms wait seven days before notifying customers of a data breach.

Additionally, the Commission wants telecommunications providers to notify the FBI, Secret Service, and FCC of any significant breaches. 

According to FCC Chairwoman Jessica Rosenworcel, "We propose to eliminate the antiquated seven business day mandatory waiting period before notifying customers, require the reporting of accidental but harmful data breaches, and ensure that the agency is informed of major data breaches."

In a separate press release, the FCC stated that it was considering "clarifying its rules to require consumer notification by carriers of inadvertent breaches and to require notification of all reportable breaches to the FCC, FBI, and U.S. Secret Service." 

In 2007, the Commission passed the first regulation mandating that telecoms and interconnected VoIP service providers notify federal law enforcement agencies and their clients of data breaches. 

The severity of recent telecom hacks demonstrates the need to update the FCC's data breach rules to bring them into line with the federal and state data breach laws that govern other industries. For instance, Comcast Xfinity customers reported in December that their accounts had been compromised in widespread attacks that bypassed two-factor authentication.

Verizon informed its prepaid customers in October that their accounts had been compromised and that the exposed credit card information had been used in SIM swapping attacks.

According to reports, T-Mobile has also suffered at least seven breaches since 2018. The most recent was made public after Lapsus$ hackers broke into the company's internal systems and stole confidential T-Mobile source code.

Finally, in order to end an FCC investigation into three separate data breaches that affected hundreds of thousands of customers, AT&T paid $25 million in April 2016.

"The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements," Rosenworcel stated. "To better protect consumers, boost security, and lessen the impact of future breaches, this new proceeding will take a much-needed, fresh look at our data breach reporting rules."

State-Backed Harvester Group is Going After Telecommunications Providers

Researchers have discovered a previously unknown state-sponsored actor that appears to be conducting cyberattacks against South Asian telecommunications companies and IT corporations using a unique combination of tools. The group's goal is believed to be data collection, pursued through highly focused espionage efforts that target IT, telecom, and government organizations. Harvester is a new threat actor that could not be linked to any known adversary, as its malicious tools had never been seen in the wild before.

"The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021. Sectors targeted include telecommunications, government, and information technology (IT)," Symantec researchers said. "The capabilities of the tools, their custom development, and the victims targeted, all suggest that Harvester is a nation-state-backed actor."

The attackers rely on a backdoor and several supporting tools: the Graphon backdoor, a custom downloader, a custom screenshotter, Cobalt Strike Beacon, and Metasploit. Although Symantec researchers were unable to determine the initial attack vector, they did find evidence that a malicious URL was used for that purpose.

By blending command-and-control (C2) traffic with legitimate network traffic from CloudFront and Microsoft infrastructure, the Graphon backdoor gives the attackers remote access to the network and hides their presence. The custom downloader is notably capable: it can create critical system files, add a registry value for a new load-point, and open an embedded web browser at hxxps:/usedust[.]com.

Although this address appears to be the source of the backdoor, the actors are using the URL as a ruse to create confusion, yet Graphon is still being retrieved from it. The custom screenshotter captures screenshots of the desktop and saves them to a password-protected ZIP archive, which Graphon then exfiltrates. Each ZIP file is kept for a week before being automatically deleted.

While there isn't enough evidence to link Harvester's activities to a specific nation-state, the group's use of custom backdoors, its intensive efforts to conceal its malicious activity, and its choice of targets all point to a state-sponsored actor, according to Symantec researchers. Given the recent upheaval in Afghanistan, the campaign's targeting of organizations in that country is also notable. Harvester's activities make it clear that the goal of this campaign is espionage, a common motive for nation-state-backed operations, the researchers added.

Threat Actors from China Infiltrated a Major Afghan Telecom Provider


Just as the US was completing its withdrawal from Afghanistan, several China-linked cyberespionage groups were seen intensifying attacks on a major telecom corporation. Recorded Future, a threat intelligence firm, reported on Tuesday that it has witnessed four different Chinese threat groups target a mail server belonging to Roshan, a large telecom provider in Afghanistan with over 6.5 million subscribers. 

According to Doug Madory, Director of Internet Analysis at Kentik and a veteran observer of worldwide traffic trends, “Roshan is one of the largest suppliers of Internet access to the people of Afghanistan” and a major source of online traffic in and out of the nation. 

Calypso and RedFoxtrot, as well as two different Winnti and PlugX activity clusters that Recorded Future researchers were unable to link to other known actors, carried out the attacks. The researchers believe it's not unusual for Chinese hackers to target the same Roshan mail server because they often have diverse intelligence requirements and don't coordinate their actions. 

Some of the groups had been able to access the mail server for months, but the attacks seemed to pick up steam in August and September, just as US forces were leaving Afghanistan. During this time, the researchers noted an uptick in data exfiltration activity. 

Recorded Future notified Roshan of the compromises before its Insikt Group made the attacks public. In an email sent after the report was published, a Chinese Embassy spokesperson described pinpointing the source of cyber attacks as a "difficult technological problem".

“Linking cyber-attacks directly to one certain government is a highly sensitive political issue. China hopes that relevant parties will adopt a professional and responsible attitude,” the statement said. “Qualitativing cyber incidents must be based on sufficient evidence instead of groundless speculation,” the spokesperson wrote. 

The first activity linked to Roshan, according to the experts, was tied to the suspected Chinese state-sponsored group Calypso Advanced Persistent Threat (APT). That infiltration appears to have started in July 2020 and continued through September 2021, with a spike in activity in August and September of this year. 

From at least March through May of this year, the researchers discovered the same Roshan mail server connecting with the infrastructure of another known suspected Chinese APT group, RedFoxtrot. 

According to an Insikt report published Tuesday, RedFoxtrot also appeared to have infiltrated another undisclosed Afghan cellular operator during this time. RedFoxtrot had previously been identified as targeting unnamed telecommunications firms in Afghanistan, India, Pakistan, and Kazakhstan, according to a study published by the research team in June. That study also linked RedFoxtrot to Unit 69010 of the People's Liberation Army in Ürümqi, Xinjiang.

Chinese Hackers Target Taiwanese Telecom Firms

The Insikt Group, the intelligence research arm of the US network security firm Recorded Future, published a report on Thursday stating that a group suspected of being funded by the Chinese government is targeting telecommunications organizations in Taiwan, Nepal, and the Philippines.

The threat group, which researchers track as Threat Activity Group 22 (TAG-22), is targeting telecommunications, academic, research and development, and government organizations in the three countries. Some of the activity appears to be ongoing, researchers said.

The latest attacks play into a larger backdrop of apparent snooping by Chinese hackers on global competition in the telecommunications space, which has become an arena of political and economic conflict between China and the United States.

“In particular, the targeting of the ITRI is notable due to its role as a technology research and development institution that has set up and incubated multiple Taiwanese technology firms,” researchers wrote. “The organization is focused on technology and sustainability projects that align with Chinese development interests. In recent years, Chinese groups have targeted multiple organizations across Taiwan’s semiconductor industry to obtain source code, software development kits, and chip designs.”

Last year, cybersecurity company CyCraft reported a two-year-long, large-scale hacking operation focused on Taiwan’s semiconductor industry, which it said was likely initiated by Chinese hackers. CrowdStrike, a US computer security company, also noted in a report last year that telecommunications was one of the sectors most frequently targeted by Chinese hackers in the first half of 2020.

The researchers believe TAG-22 is using backdoors employed by other Chinese state-sponsored groups such as the Winnti Group, including ShadowPad, for initial access. It also employs open-source security tools such as Cobalt Strike. Outside the telecommunications industry, the threat group has targeted academia, research and development, and government organizations in Nepal, the Philippines, Taiwan, and Hong Kong.

While researchers primarily identified the group as operating in Asia, its range of targets is generally broader, they said. That, according to the researchers, puts it in line with other major Chinese hacking groups, including APT17 and APT41.