Information Security, Malware and Telecommunications

Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia

Security Affairs

APRIL 28, 2025

Earth Kurma APT carried out a sophisticated campaign against government and telecommunications sectors in Southeast Asia. Threat actors use custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a high business risk with advanced evasion techniques.

Telecommunications

Telecommunications Government Malware Hacking

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

JUNE 27, 2022

The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. Pierluigi Paganini.

Telecommunications

Telecommunications Malware Media Passwords

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware

Malware Phishing Telecommunications Retail

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications

Telecommunications Authentication Data collection Passwords

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

Security Affairs

JUNE 4, 2024

The RansomHub ransomware group added the American telecommunications company Frontier Comunications to the list of victims on its Tor leak site. The RansomHub ransomware group claimed to have stolen the information of over 2 million customers from the American telecommunications company Frontier Communications.

Telecommunications

Telecommunications Hacking Data breaches Cybercrime

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT ( DCRat ). The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

China-linked hackers target telecommunication providers in the Middle East

Security Affairs

MARCH 24, 2023

Researchers reported that China-linked hackers targeted telecommunication providers in the Middle East in the first quarter of 2023. In the first quarter of 2023, SentinelLabs researchers spotted the initial phases of attacks against telecommunication providers in the Middle East. ” reads the report published by SentinelLabs.

Telecommunications

Telecommunications Malware Mobile Hacking

Black Basta ransomware gang hit BT Group

Security Affairs

DECEMBER 4, 2024

British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack. BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack.

Ransomware

Ransomware Telecommunications Healthcare Insurance

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

“Do NOT conduct CFPB work using mobile voice calls or text messages,” reads the email sent to the employees referencing a recent government statement acknowledging the telecommunications infrastructure attack. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines.

Hacking

Hacking Internet Internet Malware

Security Affairs newsletter Round 498 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 17, 2024

Agency Warns Employees About Phone Use Amid Ongoing China Hack APT Actors Embed Malware within macOS Flutter Applications The Botnet is Back: SSC STRIKE Team Uncovers a Renewed Cyber Threat Iranian “Dream Job” Campaign 11.24

Cryptocurrency

Cryptocurrency Malware Hacking Ransomware

Watch out, WAPDropper malware could subscribe you to premium services

Security Affairs

NOVEMBER 25, 2020

Researchers spotted a new mobile malware dubbed WAPDropper that subscribes users to legitimate premium-rate services. Security researchers from Check Point have spotted a new malware family dubbed WAPDropper that targets mobile phone users to subscribe them to legitimate premium-rate services. ” continues the analysis.

Malware

Malware Telecommunications Mobile Marketing

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage groups. ” concludes the report.”Once Pierluigi Paganini.

Software

Software Malware Telecommunications Antivirus

China-linked APT41 group targets telecommunications companies with new backdoor

Security Affairs

OCTOBER 31, 2019

China-linked APT41 group is targeting telecommunications companies with a new piece of malware used to spy on text messages of highly targeted individuals. The experts found the MessageTap backdoor installed on a Linux-based Short Message Service Center (SMSC) server belonging to an unnamed telecommunications company.

Telecommunications

Telecommunications Malware Advertising Mobile

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. net” and “ett[.]hopto[.]org”

Malware

Malware Telecommunications DNS Hacking

Thai police arrested Chinese hackers involved in SMS blaster attacks

Security Affairs

NOVEMBER 25, 2024

These attacks aim at spreading malware by including malicious links that infect devices, phish information by tricking users into sharing personal or financial data, and causing disruptions by overwhelming networks or targeting individuals with spam. The equipment sent nearly 1 million fraudulent messages in 3 days.

Mobile

Mobile Scams Technology Telecommunications

Nobelium APT uses new Post-Compromise malware MagicWeb

Security Affairs

AUGUST 25, 2022

Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments.

Malware

Malware Authentication Telecommunications Government

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware

Malware DNS Authentication Telecommunications

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

A China-linked hacking group, tracked as LightBasin (aka UNC1945 ), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019.

Telecommunications

Telecommunications Mobile Hacking Architecture

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

Security Affairs

SEPTEMBER 5, 2024

The group focuses on government departments that are involved in foreign affairs, technology, and telecommunications. The malware is highly obfuscated and disguises itself as system utilities, allowing attackers to perform tasks like file manipulation, command execution, and remote port scanning.

Malware

Malware Telecommunications Encryption Hacking

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Security Affairs

JUNE 3, 2022

An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. The activity of the group was first documented by TeamT5 researchers that also reported the use of three malware families: SpyDealer, Demsty and WinDealer. To nominate, please visit:?.

Malware

Malware Telecommunications Hacking Internet

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. government entities in Belgium, and telecommunications companies in Thailand and Brazil.

Malware

Malware Telecommunications Encryption DDOS

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

Security Affairs

FEBRUARY 24, 2020

FireEye’s report revealed that the incident response division Mandiant observed more than 500 new malware families in 2019. million malware samples per day in 2019 and identified 1,268 malware families. The most worrisome figure is related to the number of previously unseen malware families which is greater than 500 (41%).

Malware

Malware Cyber threats Advertising Telecommunications

Nobelium continues to target organizations worldwide with custom malware

Security Affairs

DECEMBER 6, 2021

Russia-linked Nobelium APT group is using a new custom malware dubbed Ceeloader in attacks against organizations worldwide. NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. Pierluigi Paganini.

Malware

Malware VPN Accountability Telecommunications

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. exe, and rundll32.exe.

Government

Government Malware Telecommunications Cybercrime

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware.

Telecommunications

Telecommunications DNS Passwords Hacking

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware

Malware Encryption Telecommunications Authentication

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.

DNS

DNS Telecommunications Malware Phishing

Security Affairs newsletter Round 522 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MAY 4, 2025

CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog Pro-Russia hacktivist group NoName057(16) is targeting Dutch organizations FBI shared a list of phishing domains associated with the LabHost PhaaS platform Canadian electric utility Nova Scotia Power and parent company Emera suffered a cyberattack (..)

Cybercrime

Cybercrime Cyber Attacks Malware Phishing

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities ( CVE-2023-46805, CVE-2024-21887 ) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. x and Ivanti Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2)

VPN

VPN Malware Authentication Small Business

China-linked APT UNC3886 targets EoL Juniper routers

Security Affairs

MARCH 12, 2025

Its primary focus is on defense, technology, and telecommunications sectors in the US and Asia. To deploy malware, the threat actor had to first bypass this security mechanism. UNC3886 is a sophisticated China-linked cyber espionage group that targets network devices and virtualization technologies using zero-day exploits.

Telecommunications

Telecommunications Malware DDOS Technology

Metador, a never-before-seen APT targeted ISPs and telco for about 2 years

Security Affairs

SEPTEMBER 26, 2022

A previously undetected hacking group, tracked as Metador, has been targeting telecommunications, internet services providers (ISPs), and universities for about two years. SentinelLabs discovered two windows malware platforms, dubbed ‘metaMain’ and ‘Mafalda,’ and evidence of the existence of an additional Linux implant.

Telecommunications

Telecommunications Authentication Malware Internet

Operation GhostShell: MalKamak APT targets aerospace and telco firms

Security Affairs

OCTOBER 7, 2021

Operation GhostShell: Threat actors used ShellClient malware in cyberespionage campaigns aimed at companies in the aerospace and telecommunications sectors. Hackers use stealthy ShellClient malware on aerospace, telco firms. The analysis of the malware employed in the recent Operation GhostShell (version 4.0.1)

Telecommunications

Telecommunications Malware Hacking Information Security

US and UK details a new Python backdoor used by MuddyWater APT group

Security Affairs

FEBRUARY 24, 2022

US and UK cybersecurity agencies provided details of a new malware used by Iran-linked MuddyWater APT. The group’s victims are mainly in the telecommunications, government (IT services), and oil sectors. The group evolved over the years by adding new attack techniques to its arsenal.

Telecommunications

Telecommunications Malware Government Hacking

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

The Chinese APT is known to be focused on telecommunications companies operating across Asia, Europe and Africa. This circumstance suggests that the threat actor is reusing existing source code to create new malware. ” reads the analysis published by Unit 42. org over port 8443 for C2. While investigating the yrhsywu2009.zapto[.]org

Malware

Malware Telecommunications Government VPN

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

Security Affairs

MARCH 19, 2020

A new variant of the TrickBot malware is targeting telecommunications organizations in the United States and Hong Kong. Security experts from Bitdefender recently discovered a new TrickBot variant that is targeting telecommunications organizations in the United States and Hong Kong. SecurityAffairs – malware, Trickbot).

Telecommunications

Telecommunications Malware Advertising Financial Services

A Ransomware infected the network of the cybersecurity firm Prosegur

Security Affairs

NOVEMBER 28, 2019

The Spanish multinational security company Prosegur announced that it was of a ransomware attack that disrupted its telecommunication platform. The network of the Prosegur firm was infected with a piece of the Ryuk ransomware , the company temporary limited communications with its customers to avoid the malware spreading.

Ransomware

Ransomware Cybersecurity Telecommunications Advertising

WIP19, a new Chinese APT targets IT Service Providers and Telcos

Security Affairs

OCTOBER 14, 2022

Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. ” continues the report.

Telecommunications

Telecommunications Malware Hacking Information Security

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 15, 2025

custody in exchange for Marc Fogel North Korea-linked APT Emerald Sleet is using a new tactic U.S.

Spyware

Spyware Firewall Artificial Intelligence Malware

Sandman APT targets telcos with LuaDream backdoor

Security Affairs

SEPTEMBER 22, 2023

A previously undocumented APT dubbed Sandman targets telecommunication service providers in the Middle East, Western Europe, and South Asia. SentinelLabs clarified that LuaJIT is used by the attackers as an attack vector and is used to install additional malware in the target infrastructure. ” continues the report.

Telecommunications

Telecommunications Malware Hacking Risk

APT group targets high profile networks in Central Asia

Security Affairs

MAY 16, 2020

Antivirus firms have uncovered and foiled an advanced cyber espionage campaign aimed at a governmental institution and two companies in the telecommunications and gas sector. The security firm ESET and Avast first detected the attacks since September and January respectively. SecurityAffairs – Microcin malware, hacking).

Telecommunications

Telecommunications Malware Advertising Antivirus

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs

APRIL 13, 2022

Microsoft dismantled the C2 infrastructure used by the ZLoader trojan with the help of telecommunications providers around the world and cybersecurity firms. ” Zloader is a banking malware that has been active at least since 2016, it borrows some functions from the notorious Zeus 2.0.8.9 To nominate, please visit:?

Banking

Banking Malware Telecommunications Antivirus

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 1, 2024

CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog Thai police arrested Chinese hackers involved in SMS blaster attacks Zyxel firewalls targeted in recent ransomware attacks Malware campaign abused flawed Avast Anti-Rootkit driver Russia-linked APT TAG-110 uses targets Europe and Asia Russia-linked threat (..)

Cybercrime

Cybercrime Firewall Social Engineering Ransomware

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

SEPTEMBER 26, 2024

In July, Cisco fixed an actively exploited NX-OS zero-day that was exploited to install previously unknown malware as root on vulnerable switches. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. reads the report published by Sygnia.

Internet

Internet Internet DNS Telecommunications

Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Webinars

Trending Sources

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Webinars

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

China-linked hackers target telecommunication providers in the Middle East

Black Basta ransomware gang hit BT Group

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs newsletter Round 498 by Pierluigi Paganini – INTERNATIONAL EDITION

Watch out, WAPDropper malware could subscribe you to premium services

China-linked Moshen Dragon abuses security software to sideload malware

China-linked APT41 group targets telecommunications companies with new backdoor

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Thai police arrested Chinese hackers involved in SMS blaster attacks

Nobelium APT uses new Post-Compromise malware MagicWeb

Cuttlefish malware targets enterprise-grade SOHO routers

China-linked LightBasin group accessed calling records from telcos worldwide

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

Nobelium continues to target organizations worldwide with custom malware

Raspberry Robin malware used in attacks against Telecom and Governments

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Purple Lambert, a new malware of CIA-linked Lambert APT group

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs newsletter Round 522 by Pierluigi Paganini – INTERNATIONAL EDITION

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

China-linked APT UNC3886 targets EoL Juniper routers

Metador, a never-before-seen APT targeted ISPs and telco for about 2 years

Operation GhostShell: MalKamak APT targets aerospace and telco firms

US and UK details a new Python backdoor used by MuddyWater APT group

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

A Ransomware infected the network of the cybersecurity firm Prosegur

WIP19, a new Chinese APT targets IT Service Providers and Telcos

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Sandman APT targets telcos with LuaDream backdoor

APT group targets high profile networks in Central Asia

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Stay Connected