Cybercrime, Telecommunications and VPN - Cyber Security Informer

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Security Affairs

FEBRUARY 16, 2020

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. SecurityAffairs – Fox Kitten campaign, VPN ). Pierluigi Paganini.

VPN

VPN Telecommunications Advertising Hacking

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. The employee phishing page bofaticket[.]com. Image: urlscan.io. ” SPEAR VISHING.

Phishing

Phishing VPN Social Engineering Media

Lapsus$ gang claims to have hacked Microsoft source code repositories

Security Affairs

MARCH 21, 2022

Microsoft announced that is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source code repositories and stolen data. Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T.

Hacking

Hacking Telecommunications InfoSec Cybercrime

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Security Affairs

JANUARY 14, 2022

The gang was also providing VPN-like services used by other cybercriminal organizations to carry out malicious activities used to deliver malware to the target organization. Source SSU. The law enforcement arrested the leader of the group, a 36-year-old man that lives in Kyiv, along with his wife and three other acquaintances.

Ransomware

Ransomware DDOS Telecommunications Malware

Lapsus$ extortion gang leaked the source code for some Microsoft projects

Security Affairs

MARCH 22, 2022

Microsoft recently announced that is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source code repositories and stolen data. Now the cybercrime gang claims to have leaked the source code for some Microsoft projects, including Bing and Cortana.

Cybercrime

Cybercrime Telecommunications VPN Hacking

T-Mobile confirms Lapsus$ had access its systems

Security Affairs

APRIL 23, 2022

Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. The popular investigator and journalist Brian Krebs first surmised that the LAPSUS$ gang has breached T-Mobile after he reviewed a copy of the private chat messages between members of the cybercrime group. ” wrote Krebs.

Mobile

Mobile VPN Social Engineering Telecommunications

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Security Affairs

MARCH 23, 2022

Yesterday the cybercrime gang leaked 37GB of source code stolen from Microsoft’s Azure DevOps server. virtual private network (VPN), remote desktop protocol (RDP), virtual desktop infrastructure (VDI) including Citrix, or Identity providers (including Azure Active Directory, Okta)). ” continues the analysis.

Accountability

Accountability VPN Social Engineering Hacking

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In December 2023, Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar.

Energy and Utilities

Energy and Utilities Telecommunications Technology Government

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 1, 2024

CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog Thai police arrested Chinese hackers involved in SMS blaster attacks Zyxel firewalls targeted in recent ransomware attacks Malware campaign abused flawed Avast Anti-Rootkit driver Russia-linked APT TAG-110 uses targets Europe and Asia Russia-linked threat (..)

Cybercrime

Cybercrime Firewall Social Engineering Ransomware

Scattered Spider x RansomHub: A New Partnership

Digital Shadows

OCTOBER 23, 2024

Scattered Spider previously targeted telecommunications firms, likely to support its SIM-swapping activities that facilitate account takeovers. In this report, we explore Scattered Spider’s evolution from low-level cybercrimes to partnering with ransomware groups to target major organizations.

Social Engineering

Social Engineering Engineering Accountability Backups

New spear phishing campaign targets Russian dissidents

Malwarebytes

MARCH 29, 2022

We’ve also observed several different wipers and cybercrime groups such as FormBook using the same tactics. The spear phishing emails are warning people that use websites, social networks, instant messengers and VPN services that have been banned by the Russian Government and that criminal charges will be laid.

Phishing

Phishing Education Telecommunications Technology

WinDealer dealing on the side

SecureList

JUNE 2, 2022

It primarily goes after targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and telecommunications sectors.

Malware

Malware Encryption Social Engineering Telecommunications

Ransomware world in 2021: who, how and why

SecureList

MAY 12, 2021

Hackers who are on the lookout for publicly disclosed vulnerabilities (1-days) in internet facing software, such as VPN appliances or email gateways. There is, of course, a documented porosity between the ransomware ecosystem and other cybercrime domains such as carding or point-of-sale (PoS) hacking. Access sellers.

Ransomware

Ransomware Encryption Malware Cybercrime

Scattered Spider x RansomHub: A New Partnership

Digital Shadows

OCTOBER 23, 2024

Scattered Spider previously targeted telecommunications firms, likely to support its SIM-swapping activities that facilitate account takeovers. In this report, we explore Scattered Spider’s evolution from low-level cybercrimes to partnering with ransomware groups to target major organizations.

Social Engineering

Social Engineering Engineering Accountability Backups

Reassessing cyberwarfare. Lessons learned in 2022

SecureList

DECEMBER 14, 2022

According to the same article, another such attack took place in the late 1990s when the American military attacked a Serbian telecommunications network. This operation included blowing up cellphone towers and communication grids as well as jamming and cyberattacks against Iraq’s telephone networks.

DDOS

DDOS Ransomware Government Energy and Utilities

Group-IB Hi-Tech Crime Trends 2020/2021 report

Security Affairs

NOVEMBER 25, 2020

In the report, the company examines key shifts in the cybercrime world internationally between H2 2019 and H1 2020 and gives forecasts for the coming year. The past year — a harrowing period for the world economy — culminated in the spike of cybercrime. The most severe financial damage has occurred as a result of ransomware activity.

Banking

Banking Ransomware Phishing Marketing

DDoS attacks in Q1 2021

SecureList

MAY 10, 2021

To prevent attacks via RDP, it is recommended to hide RDP servers behind a VPN or disable UDP port 3389. That said, a VPN is no panacea if it too is vulnerable to amplification attacks. In Q1 2021, for instance, attackers went after Powerhouse VPN servers.

DDOS

DDOS Cryptocurrency Media Marketing

APT trends report Q1 2021

SecureList

APRIL 27, 2021

The attackers used vulnerabilities in an SSL-VPN product to deploy a multi-layered loader we dubbed Ecipekac (aka DESLoader, SigLoader and HEAVYHAND). The victims we observed were all high-profile Tunisian organizations, such as telecommunications or aviation companies. We attribute this activity to APT10 with high confidence.

Malware

Malware Government Spyware Social Engineering

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

From a different angle, reporting from The Intercept revealed mobile surveillance capabilities available to Iran for the purposes of domestic investigations that leverage direct access to (and cooperation of) local telecommunication companies. One of the major cyber-incidents of 2022 took place early this year: the Okta hack.

Firmware

Firmware Surveillance Mobile Telecommunications

Cyber Security Informer

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Voice Phishers Targeting Corporate VPNs

Trending Sources

Lapsus$ gang claims to have hacked Microsoft source code repositories

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Lapsus$ extortion gang leaked the source code for some Microsoft projects

T-Mobile confirms Lapsus$ had access its systems

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

Scattered Spider x RansomHub: A New Partnership

New spear phishing campaign targets Russian dissidents

WinDealer dealing on the side

Ransomware world in 2021: who, how and why

Scattered Spider x RansomHub: A New Partnership

Reassessing cyberwarfare. Lessons learned in 2022

Group-IB Hi-Tech Crime Trends 2020/2021 report

DDoS attacks in Q1 2021

APT trends report Q1 2021

Advanced threat predictions for 2023

Stay Connected