Security Affairs

APRIL 23, 2022

Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. The popular investigator and journalist Brian Krebs first surmised that the LAPSUS$ gang has breached T-Mobile after he reviewed a copy of the private chat messages between members of the cybercrime group. ” wrote Krebs.

Mobile 102

Mobile VPN Social Engineering Telecommunications 102

Security Affairs

MARCH 23, 2022

Yesterday the cybercrime gang leaked 37GB of source code stolen from Microsoft’s Azure DevOps server. virtual private network (VPN), remote desktop protocol (RDP), virtual desktop infrastructure (VDI) including Citrix, or Identity providers (including Azure Active Directory, Okta)). ” continues the analysis.

Accountability 103

Accountability VPN Social Engineering Hacking 103

Security Affairs

APRIL 19, 2024

In December 2023, Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar.

Energy and Utilities 131

Energy and Utilities Telecommunications Technology Government 131

Malwarebytes

MARCH 29, 2022

We’ve also observed several different wipers and cybercrime groups such as FormBook using the same tactics. The spear phishing emails are warning people that use websites, social networks, instant messengers and VPN services that have been banned by the Russian Government and that criminal charges will be laid.

Phishing 91

Phishing Education Telecommunications Technology 91

Digital Shadows

OCTOBER 23, 2024

Scattered Spider previously targeted telecommunications firms, likely to support its SIM-swapping activities that facilitate account takeovers. In this report, we explore Scattered Spider’s evolution from low-level cybercrimes to partnering with ransomware groups to target major organizations.

Social Engineering 122

Social Engineering Engineering Accountability Backups 122

SecureList

MAY 12, 2021

Hackers who are on the lookout for publicly disclosed vulnerabilities (1-days) in internet facing software, such as VPN appliances or email gateways. There is, of course, a documented porosity between the ransomware ecosystem and other cybercrime domains such as carding or point-of-sale (PoS) hacking. Access sellers.

Ransomware 145

Ransomware Encryption Malware Cybercrime 145

SecureList

JUNE 2, 2022

It primarily goes after targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and telecommunications sectors.

Malware 137

Malware Encryption Social Engineering Telecommunications 137

Digital Shadows

OCTOBER 23, 2024

Scattered Spider previously targeted telecommunications firms, likely to support its SIM-swapping activities that facilitate account takeovers. In this report, we explore Scattered Spider’s evolution from low-level cybercrimes to partnering with ransomware groups to target major organizations.

Social Engineering 52

Social Engineering Engineering Accountability Backups 52

SecureList

DECEMBER 14, 2022

According to the same article, another such attack took place in the late 1990s when the American military attacked a Serbian telecommunications network. This operation included blowing up cellphone towers and communication grids as well as jamming and cyberattacks against Iraq’s telephone networks.

DDOS 145

DDOS Ransomware Government Energy and Utilities 145

Security Affairs

NOVEMBER 25, 2020

In the report, the company examines key shifts in the cybercrime world internationally between H2 2019 and H1 2020 and gives forecasts for the coming year. The past year — a harrowing period for the world economy — culminated in the spike of cybercrime. The most severe financial damage has occurred as a result of ransomware activity.

Banking 142

Banking Ransomware Phishing Marketing 142

SecureList

MAY 10, 2021

To prevent attacks via RDP, it is recommended to hide RDP servers behind a VPN or disable UDP port 3389. That said, a VPN is no panacea if it too is vulnerable to amplification attacks. In Q1 2021, for instance, attackers went after Powerhouse VPN servers.

DDOS 138

DDOS Cryptocurrency Media Marketing 138

SecureList

APRIL 27, 2021

The attackers used vulnerabilities in an SSL-VPN product to deploy a multi-layered loader we dubbed Ecipekac (aka DESLoader, SigLoader and HEAVYHAND). The victims we observed were all high-profile Tunisian organizations, such as telecommunications or aviation companies. We attribute this activity to APT10 with high confidence.

Malware 145

Malware Government Spyware Social Engineering 145

SecureList

NOVEMBER 14, 2022

From a different angle, reporting from The Intercept revealed mobile surveillance capabilities available to Iran for the purposes of domestic investigations that leverage direct access to (and cooperation of) local telecommunication companies. One of the major cyber-incidents of 2022 took place early this year: the Okta hack.

Firmware 130

Firmware Surveillance Mobile Telecommunications 130