
Hacker Leaks Stolen Data After Cyberattack on Orange Group

 


A hacker has claimed responsibility for breaking into the systems of Orange Group, a well-known French telecommunications provider. The attacker alleges that they stole a large number of internal files, including confidential details about customers and employees. After failing to extort the company, the hacker released some of this data on an underground forum.  


Orange Confirms the Cyberattack  

Orange Group has acknowledged the breach, stating that the attack targeted a non-essential system. The company has started an internal investigation and is taking steps to limit the damage. However, reports suggest that significant amounts of data have already been exposed.  

The hacker, who goes by the online name Rey, is associated with a cybercriminal group called HellCat. Despite this, Rey insists that this was not a ransomware attack. The breach primarily impacted Orange Romania, a regional branch of the company.  


What Information Was Compromised?  

According to the hacker, the stolen files contain nearly 380,000 email addresses, as well as confidential company records. The leaked data includes:  

• Customer and employee details  

• Business contracts and invoices  

• Internal source code  

• Payment card information, though many of these details are outdated  

Some of the email addresses in the leaked files belonged to former employees and business partners who had been associated with Orange Romania over five years ago. Additionally, the breach affected records from Yoxo, Orange’s subscription-based mobile service.  


How Did the Breach Occur?  

Rey claims to have accessed Orange’s systems for over a month before stealing data. The hacker reportedly gained entry using stolen login credentials and weaknesses in Jira, a software tool the company uses for project management and issue tracking.  

On the day of the attack, the hacker extracted company files for about three hours without triggering any security alerts. They also left a ransom note, but Orange did not respond or engage in negotiations.  
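The account above describes a three-hour pull from an issue tracker that raised no alert. The following is an added example, not code from Orange or from the Jira product, of the kind of access-log review that would surface such activity. The log layout (timestamp, user, action, bytes) and the thresholds are constructed for illustration and are not Jira's real log schema. It catches two shapes of extraction: a short burst of downloads, and a slow drip that stays under any per-hour limit but adds up over several hours.

```python
"""Flag bulk downloads from an issue tracker's access log.

Added example: the log layout (timestamp, user, action, bytes) is a constructed,
simplified one and not Jira's real log schema; the thresholds are illustrative.
"""
from collections import defaultdict
from datetime import datetime, timedelta

EXFIL_ACTIONS = {"attachment_download", "issue_export"}

# Constructed sample log; users and numbers are made up.
SAMPLE_LOG = """\
2025-02-20T09:00:00Z carol issue_export 400000
2025-02-20T09:02:11Z alice attachment_download 20480
2025-02-20T09:15:40Z alice issue_view 0
2025-02-20T10:00:05Z svc-build attachment_download 51200
2025-02-20T10:00:09Z svc-build attachment_download 48000
2025-02-20T10:00:14Z svc-build attachment_download 60000
2025-02-20T10:00:20Z svc-build attachment_download 55000
2025-02-20T10:00:26Z svc-build attachment_download 47000
2025-02-20T10:00:31Z svc-build attachment_download 52000
2025-02-20T10:30:00Z carol issue_export 400000
2025-02-20T11:00:00Z bob attachment_download 4096
2025-02-20T12:00:00Z carol issue_export 400000
"""


def parse_log(text):
    """Parse 'ISO8601 user action bytes' lines into sorted (timestamp, user, action, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, nbytes = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, action, int(nbytes)))
    events.sort()
    return events


def find_bulk_downloaders(events, window=timedelta(hours=1), max_ops=5,
                          max_bytes=1_000_000, drip_span=timedelta(hours=2)):
    """Return {user: reason} for accounts whose download activity looks like extraction.

    burst: more than max_ops download/export operations, or more than max_bytes,
           inside any sliding window;
    drip:  total volume above max_bytes spread over at least drip_span, the shape
           of a slow multi-hour pull that stays under any per-hour limit.
    """
    per_user = defaultdict(list)
    for ts, user, action, nbytes in events:
        if action in EXFIL_ACTIONS:
            per_user[user].append((ts, nbytes))

    flagged = {}
    for user, ops in per_user.items():
        ops.sort()
        start, window_bytes = 0, 0
        for end, (ts, nbytes) in enumerate(ops):
            window_bytes += nbytes
            while ts - ops[start][0] > window:      # slide the left edge forward
                window_bytes -= ops[start][1]
                start += 1
            count = end - start + 1
            if count > max_ops or window_bytes > max_bytes:
                flagged[user] = f"burst: {count} ops, {window_bytes} bytes within {window}"
                break
        if user not in flagged:
            total = sum(n for _, n in ops)
            span = ops[-1][0] - ops[0][0]
            if total > max_bytes and span >= drip_span:
                flagged[user] = f"drip: {total} bytes over {span}"
    return flagged


if __name__ == "__main__":
    for user, reason in find_bulk_downloaders(parse_log(SAMPLE_LOG)).items():
        print(user, "->", reason)
```

The burst rule alone would miss the pattern in the story; the drip rule exists for exactly that case. In practice both thresholds should be set against each account's own baseline, and service accounts (like the constructed `svc-build`) deserve tighter limits than interactive users.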


Orange’s Official Statement  

When asked about the breach, an Orange spokesperson confirmed that their Romanian operations had been targeted by hackers. The company’s cybersecurity and IT teams are currently working to understand the full extent of the breach and are focused on reducing its impact.  


A Pattern of Attacks?  

This is not the first time attackers have used Jira security flaws to steal information from large corporations. In similar cases, cybercriminals have managed to extract huge amounts of data, including 40GB in one breach and 2.5GB in another.  

This incident shows how weak security controls combined with stolen login credentials can let attackers infiltrate major organizations. Companies must keep their security measures current to prevent such attacks. Employees and customers affected by this breach should remain cautious of phishing and other fraud that may follow from their leaked data.  

As the investigation progresses, more details about the Orange Group breach may emerge. For now, the company is working on securing its systems and preventing further exposure of sensitive information.

Tamil Nadu Police, DoT Target SIM Card Fraud in SE Asia with AI Tools

 

The Cyber Crime Wing of Tamil Nadu Police, in collaboration with the Department of Telecommunications (DoT), is intensifying efforts to combat online fraud by targeting thousands of pre-activated SIM cards used in South-East Asian countries, particularly Laos, Cambodia, and Thailand. These SIM cards have been linked to numerous cybercrimes involving fraudulent calls and scams targeting individuals in Tamil Nadu. 

According to police sources, investigators employed Artificial Intelligence (AI) tools to identify pre-activated SIM cards registered with fake documents in Tamil Nadu but active in international locations. These cards were commonly used by scammers to commit fraud by making calls to unsuspecting victims in the State. The scams ranged from fake online trading opportunities to fraudulent credit or debit card upgrades. A senior official in the Cyber Crime Wing explained that a significant discrepancy was observed between the number of subscribers who officially activated international roaming services and the actual number of SIM cards being used abroad. 

The department is now working closely with central agencies to detect and block suspicious SIM cards.  The use of AI has proven instrumental in identifying mobile numbers involved in a disproportionately high volume of calls into Tamil Nadu. Numbers flagged by AI analysis undergo further investigation, and if credible evidence links them to cybercrimes, the SIM cards are promptly deactivated. The crackdown follows a series of high-profile scams that have defrauded individuals of significant amounts of money. 
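The two signals described above, a SIM registered in the State but active abroad without any roaming activation, and a number placing a disproportionate volume of calls into Tamil Nadu, can be combined into a simple triage. The following is an added example on constructed records; it is not the Cyber Crime Wing's tooling, and the field names, thresholds and tiers are assumptions for illustration.

```python
"""Triage SIM records for the 'registered locally, active abroad' fraud pattern.

Added example using constructed records; the field names and the scoring
thresholds are assumptions for illustration, not the Cyber Crime Wing's method.
"""
from statistics import median

# Constructed records. last_seen is the ISO country code of the network the SIM was
# last observed on; calls_into_tn is the number of calls it placed into Tamil Nadu.
RECORDS = [
    {"sim": "SIM-001", "registered_in": "TN", "last_seen": "IN", "roaming_active": False, "calls_into_tn": 12},
    {"sim": "SIM-002", "registered_in": "TN", "last_seen": "TH", "roaming_active": True,  "calls_into_tn": 9},
    {"sim": "SIM-003", "registered_in": "TN", "last_seen": "KH", "roaming_active": False, "calls_into_tn": 640},
    {"sim": "SIM-004", "registered_in": "TN", "last_seen": "LA", "roaming_active": False, "calls_into_tn": 15},
    {"sim": "SIM-005", "registered_in": "TN", "last_seen": "IN", "roaming_active": False, "calls_into_tn": 880},
    {"sim": "SIM-006", "registered_in": "TN", "last_seen": "IN", "roaming_active": False, "calls_into_tn": 10},
]


def roaming_discrepancy(records):
    """Aggregate view: SIMs seen abroad versus SIMs whose owners actually activated roaming."""
    abroad = [r for r in records if r["last_seen"] != "IN"]
    activated = [r for r in abroad if r["roaming_active"]]
    return {
        "seen_abroad": len(abroad),
        "roaming_activated": len(activated),
        "unexplained": len(abroad) - len(activated),
    }


def triage_sims(records, volume_factor=10):
    """Return {sim: (tier, signals)}.

    A SIM abroad with no roaming activation is one signal; inbound call volume above
    volume_factor times the population median is the other. Both together mean
    'investigate'; one alone is 'watch' (a call centre in India is a volume outlier
    too, so volume by itself is not grounds for deactivation).
    """
    med = median(r["calls_into_tn"] for r in records)
    threshold = med * volume_factor
    tiers = {}
    for r in records:
        signals = []
        if r["last_seen"] != "IN" and not r["roaming_active"]:
            signals.append("abroad-without-roaming")
        if r["calls_into_tn"] > threshold:
            signals.append("inbound-volume-outlier")
        if len(signals) == 2:
            tier = "investigate"
        elif signals:
            tier = "watch"
        else:
            tier = "clear"
        tiers[r["sim"]] = (tier, signals)
    return tiers


if __name__ == "__main__":
    print(roaming_discrepancy(RECORDS))
    for sim, (tier, signals) in triage_sims(RECORDS).items():
        print(sim, tier, signals)
```

The aggregate `roaming_discrepancy` is the figure the official quoted: SIMs seen abroad minus those whose owners asked for roaming. The per-SIM tiers mirror the process described in the text, where AI flagging is followed by human investigation before a SIM is deactivated.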

For example, in Madurai, an advocate lost ₹96.57 lakh in June after responding to a WhatsApp advertisement promoting international share market trading with high returns. In another case, a government doctor was defrauded of ₹76.5 lakh through a similar investment scam. Special investigation teams formed by the Cyber Crime Wing have been successful in arresting several individuals linked to these fraudulent activities. Recently, a team probing ₹38.28 lakh frozen in various bank accounts apprehended six suspects. 

Following their interrogation, two additional suspects, Abdul Rahman from Melur and Sulthan Abdul Kadar from Madurai, were arrested. Authorities are also collaborating with police in North Indian states to apprehend more suspects tied to accounts through which the defrauded money was transacted. Investigations are ongoing in multiple cases, and the police aim to dismantle the network of fraudsters operating both within India and abroad. 

These efforts underscore the importance of using advanced technology like AI to counter increasingly sophisticated cybercrime tactics. By addressing vulnerabilities such as fraudulent SIM cards, Tamil Nadu’s Cyber Crime Wing is taking significant steps to protect citizens and mitigate financial losses.

DoT Introduces New System to Block Spoofed Calls

 


In recent years, Indian citizens have been alarmed by a rise in fraudulent telephone calls disguised as coming from local numbers. Cybercriminals operating from abroad manipulate the Calling Line Identity (CLI) presented with the call so that an international call appears to originate from an Indian mobile number, masking its true origin. Victims have reported threats that their mobile service would be disconnected, fake "digital arrests", callers impersonating government officials, and false accusations of involvement in drug or sex rackets. 

To deal with this escalating threat, the Department of Telecommunications (DoT) is taking steps to protect citizens and to strengthen the security of the telecommunication ecosystem as a whole. In one recent case, following a fraudulent call in Agra, the DoT moved to deactivate the WhatsApp account linked to the scam call, although the deactivation was not completed until Friday. 

Authorities are urging citizens to report suspicious messages or calls via the Chakshu portal at http://sancharsaathi.gov.in/chakshu so that the DoT can investigate. In response to this kind of scam, the DoT has introduced a new system, developed together with the Telecom Service Providers (TSPs), to detect and block incoming international calls that carry spoofed Indian numbers before they enter the Indian network. The system operates at two levels, local and central. 

In the first stage, implemented within each TSP, incoming international calls whose CLI belongs to that TSP's own subscribers are blocked. In the second stage, implemented centrally, spoofed calls carrying numbers belonging to other TSPs are blocked. According to a statement released by the DoT on Friday, the aim is to stop the rising number of fraudulent calls disguised as originating from Indian mobile numbers. 

Many of these calls are placed by cybercriminals operating from abroad. The statement noted that criminals manipulate the Calling Line Identity (CLI) to mask the true origin of the calls, which has led to a spate of incidents involving threats of mobile disconnection, fake "digital arrests", and impersonation of law enforcement officials. 

False accusations related to drugs, narcotics, and sex rackets have also increased in recent years, further intensifying public concern. The DoT recently announced that the system has been implemented successfully at all four TSPs and that about 4.5 million spoofed calls, roughly one-third of the total, are now being intercepted before they can enter the Indian telecom network. 
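The two-stage design described above can be written down as a decision procedure at the international gateway. The following is an added example and not the DoT or TSP implementation: the number-range allocations, roaming records and the rule that a genuine international roamer is exempted are all constructed assumptions. It also models the interim state the article describes, in which only the local stage is live and calls spoofing other operators' numbers still pass through.

```python
"""Two-stage screening of inbound international calls that present an Indian CLI.

Added example; number ranges, roaming records and decision rules are constructed
for illustration and are not the DoT/TSP implementation.
"""
INDIA_CC = "+91"
LOCAL_TSP = "TSP-A"  # the operator whose international gateway runs this check

# Constructed allocation of national-number prefixes to operators.
NUMBER_RANGES = {"98400": "TSP-A", "98410": "TSP-A", "99000": "TSP-B", "70000": "TSP-C"}

# Constructed roaming records. Assumption: a subscriber roaming abroad legitimately
# originates calls that arrive on the international trunk with an Indian CLI, so
# roaming status must be consulted before blocking. TSP-A knows only its own roamers;
# other operators' roamers are known to the central system.
LOCAL_ROAMERS = {"+919840012345"}
CENTRAL_ROAMERS = {"+917000011111"}


def operator_for(cli):
    """Map an E.164 CLI to the Indian operator owning the number range, or None."""
    if not cli.startswith(INDIA_CC) or len(cli) != len(INDIA_CC) + 10 or not cli[1:].isdigit():
        return None
    national = cli[len(INDIA_CC):]
    for prefix, operator in NUMBER_RANGES.items():
        if national.startswith(prefix):
            return operator
    return None


def screen_inbound_international(cli, central_stage_live=True):
    """Decide the fate of a call arriving on an international trunk.

    Stage 1 (local): a CLI from this TSP's own ranges arriving from abroad is
    spoofed unless the TSP's own records show the subscriber roaming.
    Stage 2 (central): a CLI from another Indian operator is checked against the
    central system, which holds the other operators' roaming status; until that
    stage is live such calls can only be passed through.
    Returns (decision, reason).
    """
    operator = operator_for(cli)
    if operator is None:
        return "allow", "not-an-indian-mobile-cli"
    if operator == LOCAL_TSP:
        if cli in LOCAL_ROAMERS:
            return "allow", "stage1-genuine-roamer"
        return "block", "stage1-spoofed-own-range"
    if not central_stage_live:
        return "allow", "stage2-not-live"
    if cli in CENTRAL_ROAMERS:
        return "allow", "stage2-genuine-roamer"
    return "block", "stage2-spoofed-other-operator"


def blocked_share(clis, central_stage_live):
    """Fraction of a batch of inbound CLIs that the screening blocks."""
    decisions = [screen_inbound_international(c, central_stage_live) for c in clis]
    blocked = sum(1 for decision, _ in decisions if decision == "block")
    return blocked / len(decisions)


# Constructed trunk sample: own-range spoofs, other-operator spoofs, two real roamers, one foreign CLI.
TRUNK_SAMPLE = [
    "+919840012345", "+919840099999", "+919841000001",
    "+919900055555", "+919900077777",
    "+917000011111", "+917000022222",
    "+17035550100",
]

if __name__ == "__main__":
    for cli in TRUNK_SAMPLE:
        print(cli, screen_inbound_international(cli, central_stage_live=False))
    print("blocked, local stage only:", blocked_share(TRUNK_SAMPLE, False))
    print("blocked, both stages:", blocked_share(TRUNK_SAMPLE, True))
```

The gap between the two `blocked_share` figures is the reason the central stage matters: a gateway can only recognise spoofing of its own numbers, so every other operator's numbers remain usable by scammers until the cross-operator check exists. The roaming exemption is the check a practitioner would insist on before deploying this, since without it every Indian subscriber calling home from abroad would be cut off.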

The next phase, a centralized system to block spoofed calls across all TSPs, is expected to be completed shortly. The DoT has also established the Sanchar Saathi portal, a citizen-centric platform that lets citizens report suspected fraudulent messages and communications, report stolen or lost devices, verify whether a mobile device is genuine before buying it, and report incoming international calls that display Indian numbers. 

The DoT has additionally launched the Digital Intelligence Platform (DIP), a secure online platform that allows stakeholders such as banks and telecom companies to exchange real-time information to prevent the misuse of telecommunications services. The department also announced that 1.77 million mobile connections obtained with fake documentation have been disconnected. 

Targeted actions against cybercriminals have included blocking 33.48 lakh connections and 49,930 handsets used in fraud. Under the same programme, 12.02 lakh of the 21.03 lakh smartphones reported lost or stolen have been traced, and 2.29 lakh devices linked to cybercrime have been blocked. Through its Chakshu feature, the Sanchar Saathi platform gives citizens a tool to report suspected fraud, which helps deter identity theft, exploitation, and other forms of cybercrime. 

A report can include screenshots, the type of scam, the medium through which it was received, and the date and time of the suspicious contact. The reporter's identity is verified with a one-time password (OTP) to keep the submission process secure. The DoT has accordingly issued an advisory urging citizens to report suspicious calls and messages through the 'Chakshu' facility on the Sanchar Saathi platform (https://sancharsaathi.gov.in/) and to take an active role in combating this issue. Beyond protecting the individual who reports, these submissions give fraud investigators early signals that help detect scams sooner and prevent larger losses.

The DoT has implemented several further initiatives aimed at addressing the misuse of telecom resources, with a focus on combating cybercrime and financial fraud. One key measure is the Digital Intelligence Unit (DIU), designed to strengthen the monitoring of telecom activities and to intervene effectively to prevent cybercrime and fraud. 

The DIU works to improve oversight by utilizing advanced systems that enhance the detection of suspicious activities across the telecom network. Another significant platform launched by the DoT is the Sanchar Saathi Portal. This citizen-focused portal empowers users to actively report cases of telecom fraud, track all mobile connections registered under their name, and block devices that have been lost or stolen. 

Additionally, the portal allows users to verify the authenticity of mobile handsets, ensuring they are not using counterfeit or compromised devices. The DoT has also introduced the Digital Intelligence Platform (DIP), which serves as a secure online interface for various stakeholders, including Telecom Service Providers (TSPs), banks, and law enforcement agencies. This platform facilitates the sharing of critical information related to the misuse of telecom resources. 

Through DIP, real-time updates on disconnected mobile connections are made available, allowing for swift action to be taken in fraud prevention and mitigation. Moreover, the DoT has deployed AI-based tools to enhance the detection of mobile connections obtained through fraudulent documentation. These tools identify connections linked to illegal or fake credentials, as well as the associated devices used in fraudulent activities. Once detected, these connections and devices are systematically removed from the telecom ecosystem, thereby enhancing the integrity and security of the network.

TRAI Updates Regulations to Prevent SIM Swap Fraud in Telecom Porting

 

The Telecom Regulatory Authority of India (TRAI) recently announced updated regulations aimed at combating SIM swap fraud in the telecom sector. According to the new regulations, telecom subscribers will be prohibited from porting out of their current network provider if they have recently "swapped" their SIM card due to loss or damage within the past seven days. 

This amendment is intended to prevent fraudulent activities by disallowing the issuance of a "unique porting code" (UPC), which is the initial step in changing providers using mobile number portability. 

The TRAI highlighted that this measure is part of its broader efforts to address concerns related to fraudulent and spam calls, which have been on the rise in recent years. In addition to SIM swap fraud, spam calls and messages have become a significant nuisance for telecom subscribers, leading to increased efforts by regulatory authorities to combat such activities. 

Previous anti-spam measures undertaken by TRAI include the establishment of a do-not-disturb registry, the release of an app for filing complaints against telemarketers, and the enforcement of regulations on transactional SMS messages by businesses. 

However, despite these efforts, fraudulent activities continue to pose challenges for both regulators and consumers. In addition to the prohibition on porting after SIM card swapping, TRAI has recommended to the Department of Telecommunications (DoT) the implementation of a feature that would display the legally registered name of every caller on recipients' handsets. This proposal aims to enhance transparency and enable recipients to identify the origin of incoming calls more accurately. 

However, the proposal has faced criticism on privacy grounds, with concerns raised about the potential misuse of caller identification information. To further address concerns related to fraudulent communication, the DoT has introduced its own portal called Chakshu for reporting suspected fraud communication. This platform allows users to report instances of suspected fraud, helping regulatory authorities to track and investigate fraudulent activities more effectively. 

Furthermore, the TRAI is considering a suggestion from the DoT regarding the verification of subscriber identity during the porting process. Currently, porting requires only the possession of an unblocked SIM, with know-your-customer (KYC) processes conducted anew. This policy has implications for minors and other dependents whose SIMs may not be registered in their names. 

The suggestion to double-check KYC during porting will be examined separately by TRAI. Overall, TRAI's efforts to strengthen regulations in the telecom sector aim to enhance security and protect consumers from fraudulent activities such as SIM swap fraud. By implementing measures to prevent unauthorized porting and enhancing transparency in caller identification, TRAI seeks to safeguard the interests of telecom subscribers in India. However, as fraudsters continue to evolve their tactics, regulatory authorities will need to remain vigilant and adapt their strategies accordingly to stay ahead of emerging threats.

Red Sea Cable Damage Disrupts Internet Traffic Across Continents

 


Damage to submarine cables in the Red Sea is disrupting communication networks, affecting about a quarter of the traffic between Asia, Europe, and the Middle East, including internet services. Four major telecom networks, including Hong Kong's HGC Global Communications, report that cables have been cut, with a substantial impact on communication in the Middle East. HGC estimates that approximately 25% of traffic between Asia and Europe, as well as the Middle East, has been affected.

To mitigate the disruption, HGC is rerouting traffic and providing assistance to affected businesses. However, the company has not disclosed the cause of the cable damage or identified those responsible. Seacom, a South Africa-based company owning one of the affected cable systems, has stated that repairs will not commence for at least a month due in part to the time needed to secure permits for operation in the area.

These undersea cables, largely funded by internet giants such as Google, Microsoft, Amazon, and Meta (Facebook's parent company), are the backbone of the internet. Damage to these subsea networks can result in widespread internet outages, reminiscent of the aftermath of the 2006 Taiwan earthquake.

The recent damage in the Red Sea follows warnings from the official Yemeni government about the potential targeting of cables by Houthi rebels. These Iranian-backed militants have previously disrupted global supply chains by attacking commercial vessels in the crucial waterway. While Israeli reports suggested Houthi involvement in the cable damage, rebel leader Abdel Malek al-Houthi denied these allegations, blaming British and US military units operating in the area for the destruction.

Prenesh Padayachee, Chief Digital Officer at Seacom, highlights the lengthy process of acquiring permits from the Yemeni maritime authority, estimating up to eight weeks for approval. Until repairs are complete, client traffic will continue to be rerouted to ensure uninterrupted service.

Among the affected systems are Asia-Africa-Europe 1, a 25,000-kilometre cable connecting South East Asia to Europe via Egypt, and the Europe India Gateway (EIG). Vodafone, a major investor in EIG and a prominent mobile network operator in the United Kingdom, has declined to comment on the situation.

In response to this disruption, it is essential to note that most large telecom companies rely on multiple undersea cable systems, allowing them to reroute traffic during outages to maintain uninterrupted service for users across the affected regions. The implications of this event underscore the vulnerability of our interconnected global communication infrastructure.

As Seacom and other stakeholders work towards repairing the damaged cables, the global community awaits a resolution to this critical issue that impacts the seamless flow of information across continents.


Laws Regulating SIM Card Registration may Violate Private Data

The Philippines has passed a law requiring the registration of SIM cards. According to the administration, a wave of scams and data security breaches in the country makes the new measures essential.

Although it's fair to be concerned about internet theft, a progressive group called Bagong Alyansang Makabayan (Bayan) warned on Monday that the new law requiring SIM card registration could be abused to invade people's privacy.

"While abandoning privacy is a more difficult reaction, we are aware of the latest worries around internet scams. Any policy that would jeopardize the right to privacy should be viewed as dangerous," according to Renato Reyes, secretary-general of the Bayan organization. The Philippine government has a long history of violating human rights.

"The SIM register could develop into a huge network of surveillance used against people. Given that the Philippine government has experienced data leaks in the past, the data that is collected might not be kept secure," Renato Reyes stated.

Earlier that day, President Ferdinand Marcos signed the SIM card law, the first law he has signed since assuming office on June 30. According to House Speaker Ferdinand Martin Romualdez, it demonstrates the Marcos administration's intent to safeguard Filipinos from cybercrime.

Users of mobile phones are required by Republic Act No. 11934 to register their SIM cards with telecommunications companies. They would then be required to present legitimate identification cards as well as a fully completed registration form.

Those who were unable to produce a legitimate ID might instead show a clearance from the National Bureau of Investigation, a police clearance, or a birth certificate that had been approved by the Philippine Statistics Authority and had an ID photo on it.

Since authorities will be able to determine the owner of a SIM card used for the commission of a crime, even terrorism, supporters of the proposal believe it may be a tool against internet scams. Legislators recently found during hearings on text scams and spam messages sent to cell phones that insufficient regulations made it difficult for law enforcement to pursue cybercriminals.

Metador APT is Lurking ISPs and Telecom Entities

Researchers at SentinelLabs have discovered a threat actor identified as Metador which primarily targets universities, ISPs, and telecommunications in various Middle Eastern and African nations.

SentinelLabs researchers dubbed the group Metador after the phrase 'I am meta', which appears in the malicious code, and the fact that the server responses are often in Spanish. According to findings presented at the first LabsCon security conference, the group is thought to have been operating since December 2020 but has managed to remain undetected throughout that time. 

SentinelLabs senior director Juan Andrés Guerrero-Saade claimed that despite sharing information on Metador with experts at other security companies and government partners, no one was aware of the group.

SentinelLabs researchers found Metador in a Middle Eastern telecommunications company that had been compromised by roughly ten threat actors, including the China-linked Moshen Dragon and the Iran-linked MuddyWater. Metador's goal appears to be long-term espionage. 

Alongside the two highly complex Windows-based malware platforms the group uses, "metaMain" and "Mafalda", the SentinelLabs researchers found indications of Linux malware.

The attackers loaded both implants into memory and decrypted them there using "cdb.exe", a legitimate Microsoft debugging tool.

Mafalda is a versatile implant that supports up to 67 commands. The threat actors update it regularly, and recent versions are heavily obfuscated. metaMain, which can also operate on its own, has a robust feature set that lets the attacker maintain a persistent connection, log keystrokes, download and upload arbitrary files, and run shellcode.

Between two variants produced in April and December 2021, Mafalda gained 13 new commands, adding capabilities for credential theft, network reconnaissance, and file system manipulation, evidence that it is under active development.

Attack chains have also included an unidentified Linux malware that collects data from the infected environment and sends it back to Mafalda. The initial access vector for the intrusions has not yet been identified.

Running into Metador is a serious reminder that another category of threat actors still operates covertly and without consequence. Security product creators should seize the chance to actively design their products to keep an eye out for the most sophisticated, well-funded hackers.



GALLIUM APT Deployed a New PingPull RAT

According to Palo Alto Networks researchers, the PingPull RAT is a "difficult-to-detect" backdoor that uses the Internet Control Message Protocol (ICMP) for command-and-control (C2) communications. The researchers also found PingPull variants that talk to their C2 server over HTTPS and TCP rather than ICMP.

Gallium, a Chinese advanced persistent threat (APT) group, has a long history of cyberespionage against telecommunications companies, dating back to 2012. The state-sponsored group, tracked as Soft Cell by Cybereason, has been linked to a broader set of attacks since 2017 aimed at five major Southeast Asian telecom businesses. Over the last year, however, the group's victimology has expanded to include financial institutions and government agencies in Afghanistan, Austria, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia, and Vietnam. 

PingPull, a Visual C++-based malware, gives the threat actor a reverse shell and the ability to run arbitrary commands on a compromised host. It also supports file operations, enumerating storage volumes, and modifying file timestamps (timestomping). 

The researchers explained that "PingPull samples which use ICMP for C2 communications issue ICMP Echo Request (ping) packets to the C2 server. The C2 server will send commands to the system by responding to these Echo queries with an Echo-Reply packet." 
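The exchange just quoted breaks two invariants of ordinary ping traffic: a compliant Echo-Reply carries back the request's data unchanged, and the default payloads of common ping tools are fixed, low-entropy patterns. The following is an added example, not PingPull's actual protocol or a signature for it: it builds constructed ICMP packets (one normal Windows ping exchange and one exchange where the reply carries different data) and flags the ones that look like a command channel. The reference payload patterns for ping.exe and iputils ping are stated as heuristics.

```python
"""Spot ICMP echo traffic that behaves like a command channel rather than a ping.

Added example with constructed packets; not PingPull's protocol or a signature
for it. The heuristics encode two properties of genuine ping traffic that an
ICMP-tunnelled C2 channel tends to violate.
"""
import math
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"  # default 32-byte payload of ping.exe


def icmp_checksum(data):
    """RFC 1071 one's-complement checksum over header plus payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type, ident, seq, payload):
    """Build a wire-format ICMP echo request/reply; used here to construct sample traffic."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    checksum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, checksum, ident, seq) + payload


def parse_icmp(packet):
    """Parse the 8-byte ICMP echo header (type, code, checksum, id, seq) and the payload."""
    if len(packet) < 8:
        raise ValueError("ICMP packet shorter than its 8-byte header")
    icmp_type, code, checksum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "checksum": checksum,
            "id": ident, "seq": seq, "payload": packet[8:]}


def shannon_entropy(data):
    """Bits of entropy per byte; random or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in (data.count(b) for b in set(data)))


def looks_like_default_ping(payload):
    """Heuristic match for default ping payloads: ping.exe's fixed string, or iputils'
    8-byte timestamp followed by an incrementing 0x10, 0x11, ... fill."""
    if payload == WINDOWS_PING_PAYLOAD:
        return True
    fill_len = len(payload) - 8
    return 0 < fill_len <= 0xF0 and payload[8:] == bytes(range(0x10, 0x10 + fill_len))


def flag_icmp_stream(packets, entropy_threshold=6.0):
    """Return (id, seq, reason) findings for a sequence of raw ICMP packets."""
    findings = []
    requests = {}
    for raw in packets:
        p = parse_icmp(raw)
        key = (p["id"], p["seq"])
        if p["type"] == ECHO_REQUEST:
            requests[key] = p
            if not looks_like_default_ping(p["payload"]):
                findings.append((*key, "request payload is not a default ping pattern"))
            if len(p["payload"]) >= 32 and shannon_entropy(p["payload"]) > entropy_threshold:
                findings.append((*key, "high-entropy request payload"))
        elif p["type"] == ECHO_REPLY:
            req = requests.get(key)
            if req is None:
                findings.append((*key, "unsolicited echo reply"))
            elif p["payload"] != req["payload"]:
                # RFC 792: the reply must return the request's data unchanged.
                findings.append((*key, "echo reply does not mirror request payload"))
    return findings


# Constructed traffic: an ordinary Windows ping exchange, then an exchange in which a
# high-entropy request is answered with different data riding in the reply.
NORMAL_PING = [
    build_echo(ECHO_REQUEST, 1, 1, WINDOWS_PING_PAYLOAD),
    build_echo(ECHO_REPLY, 1, 1, WINDOWS_PING_PAYLOAD),
]
TUNNELLED = [
    build_echo(ECHO_REQUEST, 0x4242, 7, bytes(range(256))),  # stand-in for an encrypted beacon
    build_echo(ECHO_REPLY, 0x4242, 7, b"run:whoami"),         # stand-in for a command in the reply
]

if __name__ == "__main__":
    print("normal:", flag_icmp_stream(NORMAL_PING))
    print("tunnelled:", flag_icmp_stream(TUNNELLED))
```

The mirror check is the strongest of the three: it needs no knowledge of the malware and fires on any ICMP C2 that puts tasking in the reply, which is exactly the mechanism the researchers describe. The payload-pattern and entropy checks are noisier (monitoring tools and some ping implementations use their own payloads) and are better used to prioritise than to alert on their own.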

PingPull variants that use HTTPS and TCP rather than ICMP to reach their C2 server have also been discovered, along with over 170 IP addresses associated with the group since late 2020. Although the group is known to exploit internet-exposed applications for initial access and to deploy a customized version of the China Chopper web shell for persistence, exactly how the targeted networks were breached in this campaign is not clear. 

Throughout Southeast Asia, Europe, and Africa, the GALLIUM group continues to pose a serious danger to telecommunications, finance, and government organizations. All businesses are advised to use the researchers' findings to inform their protective measures against this threat group, which has deployed a new capability, PingPull, in support of its espionage efforts.