Security Affairs

MARCH 20, 2025

The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT ( DCRat ). The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics 107

Computers and Electronics Telecommunications Malware Surveillance 107

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. According to public sources, the threat actors targeted ICS of at least 11 Ukrainian telecommunications providers leading to the disruption of their services. ” reads the advisory.

Telecommunications 133

Telecommunications Authentication Data collection Passwords 133

Schneier on Security

SEPTEMBER 19, 2024

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives.

Telecommunications 304

Telecommunications Media Malware Internet 304

The Hacker News

NOVEMBER 26, 2024

The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies.

Hacking 137

Hacking Telecommunications Malware 137

Security Affairs

DECEMBER 4, 2024

British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, ransomware)

Ransomware 125

Ransomware Telecommunications Healthcare Insurance 125

Schneier on Security

OCTOBER 15, 2020

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

Telecommunications 334

Telecommunications Internet Internet Malware 334

Security Affairs

MARCH 24, 2023

Researchers reported that China-linked hackers targeted telecommunication providers in the Middle East in the first quarter of 2023. In the first quarter of 2023, SentinelLabs researchers spotted the initial phases of attacks against telecommunication providers in the Middle East. ” reads the report published by SentinelLabs.

Telecommunications 98

Telecommunications Malware Mobile Internet 98

SecureWorld News

OCTOBER 21, 2021

CrowdStrike recently posted a blog about its investigation into a malicious hacking group known as LightBasin, or UNC1945. Since 2016, this cybercrime organization has been building customized tools to invade the world's telecommunications sector. LightBasin hacks critical infrastructure with intention and competence.

Telecommunications 98

Telecommunications Energy and Utilities Passwords Hacking 98

Malwarebytes

DECEMBER 5, 2024

Speaking to Reuters , a senior US official said the attack telecommunications infrastructure was broad and that the hacking was still ongoing. Volt Typhoon made headlines earlier this year when the FBI removed their malware from hundreds of routers across the US.

Encryption 141

Encryption Identity Theft Media Telecommunications 141

Security Affairs

NOVEMBER 25, 2024

These attacks aim at spreading malware by including malicious links that infect devices, phish information by tricking users into sharing personal or financial data, and causing disruptions by overwhelming networks or targeting individuals with spam. The equipment sent nearly 1 million fraudulent messages in 3 days.

Mobile 123

Mobile Scams Technology Telecommunications 123

The Hacker News

APRIL 13, 2022

The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments.

Malware 119

Malware Telecommunications Internet Internet 119

Security Affairs

APRIL 11, 2020

San Francisco International Airport (SFO) disclosed a data breach, its websites SFOConnect.com and SFOConstruction.com were hacked last month. The attackers may have gained access to some users’ login credentials after deploying malware on both websites. SecurityAffairs – hacking, data breach). Pierluigi Paganini.

Data breaches 145

Data breaches Hacking Telecommunications Advertising 145

Security Affairs

OCTOBER 20, 2021

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019. ” reads the report published by Crowdstrike.

Telecommunications 136

Telecommunications Mobile Hacking Architecture 136

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage groups. SecurityAffairs – hacking, APT). Pierluigi Paganini.

Software 136

Software Malware Telecommunications Antivirus 136

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware 130

Malware DNS Authentication Telecommunications 130

Security Affairs

NOVEMBER 25, 2020

Researchers spotted a new mobile malware dubbed WAPDropper that subscribes users to legitimate premium-rate services. Security researchers from Check Point have spotted a new malware family dubbed WAPDropper that targets mobile phone users to subscribe them to legitimate premium-rate services. ” continues the analysis.

Malware 126

Malware Telecommunications Mobile Marketing 126

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. net” and “ett[.]hopto[.]org”

Malware 104

Malware Telecommunications DNS Hacking 104

The Last Watchdog

AUGUST 20, 2019

And, increasingly, they come riddled with some of the most invasive types of malware. This is putting consumers and companies in harm’s way through yet another attack vector – one which gives professional hacking collectives another means to compromise online accounts and break into company networks.

Malware 185

Malware Mobile Manufacturing Marketing 185

Bleeping Computer

MAY 15, 2023

A new APT hacking group dubbed Lancefly uses a custom 'Merdoor' backdoor malware to target government, aviation, and telecommunication organizations in South and Southeast Asia. [.]

Malware 99

Malware Telecommunications Government Hacking 99

Security Affairs

AUGUST 25, 2022

Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments.

Malware 134

Malware Authentication Telecommunications Government 134

CyberSecurity Insiders

SEPTEMBER 21, 2022

Coming to the third news related to malware, Vmware and Microsoft have jointly issued a warning against Chromeloader Malware that has evolved into a major threat in recent times. Hackers are seen using this malware to exploit browsers leading to advertising and affiliate frauds. Last is the news about the Russian-Ukraine war.

Malware 121

Malware Telecommunications Insurance Ransomware 121

Security Affairs

MARCH 12, 2025

Its primary focus is on defense, technology, and telecommunications sectors in the US and Asia. To deploy malware, the threat actor had to first bypass this security mechanism. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, backdoor)

Telecommunications 66

Telecommunications Malware DDOS Technology 66

Security Affairs

FEBRUARY 13, 2025

On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware. “ Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Russia)

Telecommunications 107

Telecommunications DNS Passwords Hacking 107

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. government entities in Belgium, and telecommunications companies in Thailand and Brazil.

Malware 134

Malware Telecommunications Encryption DDOS 134

Security Affairs

SEPTEMBER 5, 2024

The group focuses on government departments that are involved in foreign affairs, technology, and telecommunications. The malware is highly obfuscated and disguises itself as system utilities, allowing attackers to perform tasks like file manipulation, command execution, and remote port scanning.

Malware 119

Malware Telecommunications Encryption Hacking 119

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware 125

Malware Hacking Government Telecommunications 125

Security Affairs

MARCH 18, 2025

The attacks carried out by the threat actors aimed at organizations across the government, financial, telecommunications, military, and energy sectors in North America, Europe, Asia, South America, and Australia. Since 2017, the vulnerability has been exploited by APT groups from North Korea, Iran, Russia, and China.

Cybercrime 69

Cybercrime Telecommunications Government Malware 69

Security Affairs

JUNE 3, 2022

An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. The activity of the group was first documented by TeamT5 researchers that also reported the use of three malware families: SpyDealer, Demsty and WinDealer. SecurityAffairs – hacking, LuoYu).

Malware 145

Malware Telecommunications Hacking Internet 145

Security Affairs

DECEMBER 6, 2021

Russia-linked Nobelium APT group is using a new custom malware dubbed Ceeloader in attacks against organizations worldwide. NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. Pierluigi Paganini.

Malware 133

Malware VPN Telecommunications Accountability 133

Security Affairs

OCTOBER 31, 2019

China-linked APT41 group is targeting telecommunications companies with a new piece of malware used to spy on text messages of highly targeted individuals. The experts found the MessageTap backdoor installed on a Linux-based Short Message Service Center (SMSC) server belonging to an unnamed telecommunications company.

Telecommunications 75

Telecommunications Malware Advertising Mobile 75

CyberSecurity Insiders

JUNE 28, 2022

The anti-malware firm is linking the attackers to a Chinese group of Threat Actors and confirmed that the threat actors have interests in targeting SMBs from Asian countries as often such companies do not have enough resources to tackle such attacks.

Malware 111

Malware Telecommunications Surveillance Cyber threats 111

Security Affairs

FEBRUARY 24, 2020

FireEye’s report revealed that the incident response division Mandiant observed more than 500 new malware families in 2019. million malware samples per day in 2019 and identified 1,268 malware families. The most worrisome figure is related to the number of previously unseen malware families which is greater than 500 (41%).

Malware 128

Malware Cyber threats Advertising Telecommunications 128

Security Affairs

JANUARY 31, 2024

Researchers from cybersecurity firm Synacktiv published a technical analysis of a Rust malware, named KrustyLoader, that was delivered by threat actors exploiting the above vulnerabilities. ” Sliver is a post-exploitation framework that is gaining notoriety in the hacking underground as an alternative to the Cobalt Strike framework.

VPN 127

VPN Malware Authentication Small Business 127

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. exe, and rundll32.exe.

Government 98

Government Malware Telecommunications Cybercrime 98

Security Affairs

SEPTEMBER 26, 2022

A previously undetected hacking group, tracked as Metador, has been targeting telecommunications, internet services providers (ISPs), and universities for about two years. SentinelLabs discovered two windows malware platforms, dubbed ‘metaMain’ and ‘Mafalda,’ and evidence of the existence of an additional Linux implant.

Telecommunications 145

Telecommunications Authentication Malware Internet 145

Security Affairs

FEBRUARY 15, 2025

custody in exchange for Marc Fogel North Korea-linked APT Emerald Sleet is using a new tactic U.S.

Spyware 69

Spyware Firewall Artificial Intelligence Malware 69

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware 126

Malware Encryption Telecommunications Authentication 126