Information Security, Malware and Telecommunications

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

JUNE 27, 2022

The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. Pierluigi Paganini.

Telecommunications

Telecommunications Malware Media Passwords

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications

Telecommunications Authentication Data collection Passwords

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

Security Affairs

JUNE 4, 2024

The RansomHub ransomware group added the American telecommunications company Frontier Comunications to the list of victims on its Tor leak site. The RansomHub ransomware group claimed to have stolen the information of over 2 million customers from the American telecommunications company Frontier Communications.

Telecommunications

Telecommunications Hacking Data breaches Cybercrime

China-linked hackers target telecommunication providers in the Middle East

Security Affairs

MARCH 24, 2023

Researchers reported that China-linked hackers targeted telecommunication providers in the Middle East in the first quarter of 2023. In the first quarter of 2023, SentinelLabs researchers spotted the initial phases of attacks against telecommunication providers in the Middle East. ” reads the report published by SentinelLabs.

Telecommunications

Telecommunications Malware Mobile Internet

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware

Malware DNS Authentication Telecommunications

Watch out, WAPDropper malware could subscribe you to premium services

Security Affairs

NOVEMBER 25, 2020

Researchers spotted a new mobile malware dubbed WAPDropper that subscribes users to legitimate premium-rate services. Security researchers from Check Point have spotted a new malware family dubbed WAPDropper that targets mobile phone users to subscribe them to legitimate premium-rate services. ” continues the analysis.

Malware

Malware Telecommunications Mobile Marketing

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage groups. ” concludes the report.”Once Pierluigi Paganini.

Software

Software Malware Telecommunications Antivirus

China-linked APT41 group targets telecommunications companies with new backdoor

Security Affairs

OCTOBER 31, 2019

China-linked APT41 group is targeting telecommunications companies with a new piece of malware used to spy on text messages of highly targeted individuals. The experts found the MessageTap backdoor installed on a Linux-based Short Message Service Center (SMSC) server belonging to an unnamed telecommunications company.

Telecommunications

Telecommunications Malware Advertising Mobile

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. net” and “ett[.]hopto[.]org”

Malware

Malware Telecommunications DNS Hacking

Nobelium APT uses new Post-Compromise malware MagicWeb

Security Affairs

AUGUST 25, 2022

Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments.

Malware

Malware Authentication Telecommunications Government

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

A China-linked hacking group, tracked as LightBasin (aka UNC1945 ), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019.

Telecommunications

Telecommunications Mobile Hacking Architecture

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

Security Affairs

SEPTEMBER 5, 2024

The group focuses on government departments that are involved in foreign affairs, technology, and telecommunications. The malware is highly obfuscated and disguises itself as system utilities, allowing attackers to perform tasks like file manipulation, command execution, and remote port scanning.

Malware

Malware Telecommunications Encryption Hacking

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. government entities in Belgium, and telecommunications companies in Thailand and Brazil.

Malware

Malware Telecommunications Encryption DDOS

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Security Affairs

JUNE 3, 2022

An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. The activity of the group was first documented by TeamT5 researchers that also reported the use of three malware families: SpyDealer, Demsty and WinDealer. To nominate, please visit:?.

Malware

Malware Telecommunications Hacking Internet

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities ( CVE-2023-46805, CVE-2024-21887 ) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. x and Ivanti Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2)

VPN

VPN Malware Authentication Small Business

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

Security Affairs

FEBRUARY 24, 2020

FireEye’s report revealed that the incident response division Mandiant observed more than 500 new malware families in 2019. million malware samples per day in 2019 and identified 1,268 malware families. The most worrisome figure is related to the number of previously unseen malware families which is greater than 500 (41%).

Malware

Malware Cyber threats Telecommunications Advertising

Nobelium continues to target organizations worldwide with custom malware

Security Affairs

DECEMBER 6, 2021

Russia-linked Nobelium APT group is using a new custom malware dubbed Ceeloader in attacks against organizations worldwide. NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. Pierluigi Paganini.

Malware

Malware VPN Telecommunications Accountability

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. exe, and rundll32.exe.

Government

Government Malware Telecommunications Cybercrime

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware

Malware Encryption Telecommunications Authentication

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.

DNS

DNS Telecommunications Malware Phishing

Metador, a never-before-seen APT targeted ISPs and telco for about 2 years

Security Affairs

SEPTEMBER 26, 2022

A previously undetected hacking group, tracked as Metador, has been targeting telecommunications, internet services providers (ISPs), and universities for about two years. SentinelLabs discovered two windows malware platforms, dubbed ‘metaMain’ and ‘Mafalda,’ and evidence of the existence of an additional Linux implant.

Telecommunications

Telecommunications Authentication Malware Internet

Operation GhostShell: MalKamak APT targets aerospace and telco firms

Security Affairs

OCTOBER 7, 2021

Operation GhostShell: Threat actors used ShellClient malware in cyberespionage campaigns aimed at companies in the aerospace and telecommunications sectors. Hackers use stealthy ShellClient malware on aerospace, telco firms. The analysis of the malware employed in the recent Operation GhostShell (version 4.0.1)

Telecommunications

Telecommunications Malware Hacking Information Security

US and UK details a new Python backdoor used by MuddyWater APT group

Security Affairs

FEBRUARY 24, 2022

US and UK cybersecurity agencies provided details of a new malware used by Iran-linked MuddyWater APT. The group’s victims are mainly in the telecommunications, government (IT services), and oil sectors. The group evolved over the years by adding new attack techniques to its arsenal.

Telecommunications

Telecommunications Malware Government Hacking

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

The Chinese APT is known to be focused on telecommunications companies operating across Asia, Europe and Africa. This circumstance suggests that the threat actor is reusing existing source code to create new malware. ” reads the analysis published by Unit 42. org over port 8443 for C2. While investigating the yrhsywu2009.zapto[.]org

Malware

Malware Telecommunications Government VPN

A Ransomware infected the network of the cybersecurity firm Prosegur

Security Affairs

NOVEMBER 28, 2019

The Spanish multinational security company Prosegur announced that it was of a ransomware attack that disrupted its telecommunication platform. The network of the Prosegur firm was infected with a piece of the Ryuk ransomware , the company temporary limited communications with its customers to avoid the malware spreading.

Ransomware

Ransomware Cybersecurity Telecommunications Advertising

WIP19, a new Chinese APT targets IT Service Providers and Telcos

Security Affairs

OCTOBER 14, 2022

Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. ” continues the report.

Telecommunications

Telecommunications Malware Hacking Information Security

Sandman APT targets telcos with LuaDream backdoor

Security Affairs

SEPTEMBER 22, 2023

A previously undocumented APT dubbed Sandman targets telecommunication service providers in the Middle East, Western Europe, and South Asia. SentinelLabs clarified that LuaJIT is used by the attackers as an attack vector and is used to install additional malware in the target infrastructure. ” continues the report.

Telecommunications

Telecommunications Malware Hacking Risk

New GTPDOOR backdoor is designed to target telecom carrier networks

Security Affairs

MARCH 4, 2024

Security researcher HaxRob discovered a previously undetected Linux backdoor dubbed GTPDOOR, which is specifically crafted to carry out stealth cyber operations within mobile carrier networks. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019.

Telecommunications

Telecommunications Firewall Mobile Malware

APT group targets high profile networks in Central Asia

Security Affairs

MAY 16, 2020

Antivirus firms have uncovered and foiled an advanced cyber espionage campaign aimed at a governmental institution and two companies in the telecommunications and gas sector. The security firm ESET and Avast first detected the attacks since September and January respectively. SecurityAffairs – Microcin malware, hacking).

Telecommunications

Telecommunications Malware Advertising Antivirus

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs

APRIL 13, 2022

Microsoft dismantled the C2 infrastructure used by the ZLoader trojan with the help of telecommunications providers around the world and cybersecurity firms. ” Zloader is a banking malware that has been active at least since 2016, it borrows some functions from the notorious Zeus 2.0.8.9 To nominate, please visit:?

Banking

Banking Malware Telecommunications Antivirus

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

SEPTEMBER 26, 2024

In July, Cisco fixed an actively exploited NX-OS zero-day that was exploited to install previously unknown malware as root on vulnerable switches. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. reads the report published by Sygnia.

Internet

Internet Internet DNS Telecommunications

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by the group since 2019. The group hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. ” concludes the report.

Banking

Banking Telecommunications System Administration Hacking

FIN11 gang started deploying ransomware to monetize its operations

Security Affairs

OCTOBER 18, 2020

Since August, FIN11 started targeting organizations in many industries, including defense, energy, finance, healthcare, legal, pharmaceutical, telecommunications, technology, and transportation. Researchers from FireEye’s Mandiant observed FIN11 hackers using spear-phishing messages distributing a malware downloader dubbed FRIENDSPEAK.

Ransomware

Ransomware Malware Telecommunications Advertising

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Security Affairs

DECEMBER 30, 2020

T-Mobile discovered that the attackers had access to the CPNI (Customer Proprietary Network Information). Customer proprietary network information (CPNI) is the data collected by telecommunications companies about a consumer’s telephone calls. The telecommunication giant is in the process of notifying impacted customers.

Data breaches

Data breaches Mobile Telecommunications Wireless

A powerful DDoS attack hit Hungarian banks and telecoms services

Security Affairs

SEPTEMBER 26, 2020

Hungarian financial institutions and telecommunications infrastructure were hit by a powerful DDoS attack originating from servers in Russia, China and Vietnam. A powerful DDoS attack hit some Hungarian banking and telecommunication services that briefly disrupted them.

DDOS

DDOS Banking Telecommunications Advertising

Black Basta ransomware gang hit BT Group

Security Affairs

DECEMBER 4, 2024

British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack. BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack.

Ransomware

Ransomware Telecommunications Healthcare Insurance

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

Security Affairs

JUNE 19, 2021

“RedFoxtrot has primarily targeted aerospace and defense, government, telecommunications, mining, and research organizations in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan. Experts noticed that RedFoxtrot activity overlaps with groups tracked by other security firms as Temp.Trident and Nomad Panda.

Telecommunications

Telecommunications Government Hacking Malware

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Security Affairs

FEBRUARY 23, 2024

Australian telecommunications provider Tangerine disclosed a data breach that impacted roughly 230,000 individuals. Tangerine suffered a data breach that exposed the personal information of roughly 230,000 individuals. The telco notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. 

Data breaches

Data breaches Telecommunications Banking Mobile

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. The group is very sophisticated and used zero-day exploits and complex malware to conduct targeted attacks against governments and organizations in almost every industry, including financial, energy, telecommunications, and education, aerospace.

Malware

Malware Telecommunications Advertising Encryption

France will not ban Huawei from its upcoming 5G networks

Security Affairs

SEPTEMBER 1, 2020

French President Emmanuel Macron announced that France won’t ban the Chinese giant Huawei from its upcoming 5G telecommunication networks. French President Emmanuel Macron announced that his government will not exclude Chinese telecom giant Huawei from the building of the upcoming 5G telecommunication networks.

Telecommunications

Telecommunications Advertising Technology Manufacturing

T-Mobile customers were hit with SIM swapping attacks

Security Affairs

FEBRUARY 27, 2021

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks.

Mobile

Mobile Data breaches Telecommunications Identity Theft

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. Educate your employees on threats and risks such as phishing and malware.

Cybersecurity

Cybersecurity Cybercrime Education Government

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Security Affairs

OCTOBER 22, 2023

The group targeted organizations in multiple sectors, including defense, government, electronics, telecommunication, technology, media, telecommunication industries. The researchers observed Flax Typhoon gaining and maintaining long-term access to Taiwanese organizations’ networks with minimal use of malware.

Telecommunications

Telecommunications Technology Government Firmware

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Trending Sources

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

China-linked hackers target telecommunication providers in the Middle East

Cuttlefish malware targets enterprise-grade SOHO routers

Watch out, WAPDropper malware could subscribe you to premium services

China-linked Moshen Dragon abuses security software to sideload malware

China-linked APT41 group targets telecommunications companies with new backdoor

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Nobelium APT uses new Post-Compromise malware MagicWeb

China-linked LightBasin group accessed calling records from telcos worldwide

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

Nobelium continues to target organizations worldwide with custom malware

Raspberry Robin malware used in attacks against Telecom and Governments

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Purple Lambert, a new malware of CIA-linked Lambert APT group

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Metador, a never-before-seen APT targeted ISPs and telco for about 2 years

Operation GhostShell: MalKamak APT targets aerospace and telco firms

US and UK details a new Python backdoor used by MuddyWater APT group

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

A Ransomware infected the network of the cybersecurity firm Prosegur

WIP19, a new Chinese APT targets IT Service Providers and Telcos

Sandman APT targets telcos with LuaDream backdoor

New GTPDOOR backdoor is designed to target telecom carrier networks

APT group targets high profile networks in Central Asia

Microsoft has taken legal and technical action to dismantle the Zloader botnet

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Caketap, a new Unix rootkit used to siphon ATM banking data

FIN11 gang started deploying ransomware to monetize its operations

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

A powerful DDoS attack hit Hungarian banks and telecoms services

Black Basta ransomware gang hit BT Group

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

230K individuals impacted by a data breach suffered by Telco provider Tangerine

DePriMon downloader uses a never seen installation technique

France will not ban Huawei from its upcoming 5G networks

T-Mobile customers were hit with SIM swapping attacks

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Stay Connected