Information Security, Malware and Telecommunications

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

JUNE 27, 2022

The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. Pierluigi Paganini.

Telecommunications

Telecommunications Malware Media Passwords

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications

Telecommunications Authentication Data collection Passwords

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT ( DCRat ). The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

Security Affairs

JUNE 4, 2024

The RansomHub ransomware group added the American telecommunications company Frontier Comunications to the list of victims on its Tor leak site. The RansomHub ransomware group claimed to have stolen the information of over 2 million customers from the American telecommunications company Frontier Communications.

Telecommunications

Telecommunications Hacking Data breaches Cybercrime

China-linked hackers target telecommunication providers in the Middle East

Security Affairs

MARCH 24, 2023

Researchers reported that China-linked hackers targeted telecommunication providers in the Middle East in the first quarter of 2023. In the first quarter of 2023, SentinelLabs researchers spotted the initial phases of attacks against telecommunication providers in the Middle East. ” reads the report published by SentinelLabs.

Telecommunications

Telecommunications Malware Mobile Internet

Black Basta ransomware gang hit BT Group

Security Affairs

DECEMBER 4, 2024

British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack. BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack.

Ransomware

Ransomware Telecommunications Healthcare Insurance

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

“Do NOT conduct CFPB work using mobile voice calls or text messages,” reads the email sent to the employees referencing a recent government statement acknowledging the telecommunications infrastructure attack. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines.

Hacking

Hacking Internet Internet Government

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware

Malware DNS Authentication Telecommunications

Watch out, WAPDropper malware could subscribe you to premium services

Security Affairs

NOVEMBER 25, 2020

Researchers spotted a new mobile malware dubbed WAPDropper that subscribes users to legitimate premium-rate services. Security researchers from Check Point have spotted a new malware family dubbed WAPDropper that targets mobile phone users to subscribe them to legitimate premium-rate services. ” continues the analysis.

Malware

Malware Telecommunications Mobile Marketing

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage groups. ” concludes the report.”Once Pierluigi Paganini.

Software

Software Malware Telecommunications Antivirus

China-linked APT41 group targets telecommunications companies with new backdoor

Security Affairs

OCTOBER 31, 2019

China-linked APT41 group is targeting telecommunications companies with a new piece of malware used to spy on text messages of highly targeted individuals. The experts found the MessageTap backdoor installed on a Linux-based Short Message Service Center (SMSC) server belonging to an unnamed telecommunications company.

Telecommunications

Telecommunications Malware Advertising Mobile

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. net” and “ett[.]hopto[.]org”

Malware

Malware Telecommunications DNS Hacking

Thai police arrested Chinese hackers involved in SMS blaster attacks

Security Affairs

NOVEMBER 25, 2024

These attacks aim at spreading malware by including malicious links that infect devices, phish information by tricking users into sharing personal or financial data, and causing disruptions by overwhelming networks or targeting individuals with spam. The equipment sent nearly 1 million fraudulent messages in 3 days.

Mobile

Mobile Scams Technology Telecommunications

Nobelium APT uses new Post-Compromise malware MagicWeb

Security Affairs

AUGUST 25, 2022

Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments.

Malware

Malware Authentication Telecommunications Government

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

A China-linked hacking group, tracked as LightBasin (aka UNC1945 ), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019.

Telecommunications

Telecommunications Mobile Hacking Architecture

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

Security Affairs

SEPTEMBER 5, 2024

The group focuses on government departments that are involved in foreign affairs, technology, and telecommunications. The malware is highly obfuscated and disguises itself as system utilities, allowing attackers to perform tasks like file manipulation, command execution, and remote port scanning.

Malware

Malware Telecommunications Encryption Hacking

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Security Affairs

JUNE 3, 2022

An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. The activity of the group was first documented by TeamT5 researchers that also reported the use of three malware families: SpyDealer, Demsty and WinDealer. To nominate, please visit:?.

Malware

Malware Telecommunications Hacking Internet

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. government entities in Belgium, and telecommunications companies in Thailand and Brazil.

Malware

Malware Telecommunications Encryption DDOS

China-linked APT UNC3886 targets EoL Juniper routers

Security Affairs

MARCH 12, 2025

Its primary focus is on defense, technology, and telecommunications sectors in the US and Asia. To deploy malware, the threat actor had to first bypass this security mechanism. UNC3886 is a sophisticated China-linked cyber espionage group that targets network devices and virtualization technologies using zero-day exploits.

Telecommunications

Telecommunications Malware DDOS Technology

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

Security Affairs

FEBRUARY 24, 2020

FireEye’s report revealed that the incident response division Mandiant observed more than 500 new malware families in 2019. million malware samples per day in 2019 and identified 1,268 malware families. The most worrisome figure is related to the number of previously unseen malware families which is greater than 500 (41%).

Malware

Malware Cyber threats Advertising Telecommunications

Nobelium continues to target organizations worldwide with custom malware

Security Affairs

DECEMBER 6, 2021

Russia-linked Nobelium APT group is using a new custom malware dubbed Ceeloader in attacks against organizations worldwide. NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. Pierluigi Paganini.

Malware

Malware VPN Telecommunications Accountability

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. exe, and rundll32.exe.

Government

Government Malware Telecommunications Cybercrime

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware.

Telecommunications

Telecommunications DNS Passwords Hacking

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware

Malware Encryption Telecommunications Authentication

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities ( CVE-2023-46805, CVE-2024-21887 ) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. x and Ivanti Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2)

VPN

VPN Malware Authentication Small Business

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.

DNS

DNS Telecommunications Malware Phishing

Metador, a never-before-seen APT targeted ISPs and telco for about 2 years

Security Affairs

SEPTEMBER 26, 2022

A previously undetected hacking group, tracked as Metador, has been targeting telecommunications, internet services providers (ISPs), and universities for about two years. SentinelLabs discovered two windows malware platforms, dubbed ‘metaMain’ and ‘Mafalda,’ and evidence of the existence of an additional Linux implant.

Telecommunications

Telecommunications Authentication Malware Internet

Operation GhostShell: MalKamak APT targets aerospace and telco firms

Security Affairs

OCTOBER 7, 2021

Operation GhostShell: Threat actors used ShellClient malware in cyberespionage campaigns aimed at companies in the aerospace and telecommunications sectors. Hackers use stealthy ShellClient malware on aerospace, telco firms. The analysis of the malware employed in the recent Operation GhostShell (version 4.0.1)

Telecommunications

Telecommunications Malware Hacking Information Security

US and UK details a new Python backdoor used by MuddyWater APT group

Security Affairs

FEBRUARY 24, 2022

US and UK cybersecurity agencies provided details of a new malware used by Iran-linked MuddyWater APT. The group’s victims are mainly in the telecommunications, government (IT services), and oil sectors. The group evolved over the years by adding new attack techniques to its arsenal.

Telecommunications

Telecommunications Malware Government Hacking

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

The Chinese APT is known to be focused on telecommunications companies operating across Asia, Europe and Africa. This circumstance suggests that the threat actor is reusing existing source code to create new malware. ” reads the analysis published by Unit 42. org over port 8443 for C2. While investigating the yrhsywu2009.zapto[.]org

Malware

Malware Telecommunications Government VPN

A Ransomware infected the network of the cybersecurity firm Prosegur

Security Affairs

NOVEMBER 28, 2019

The Spanish multinational security company Prosegur announced that it was of a ransomware attack that disrupted its telecommunication platform. The network of the Prosegur firm was infected with a piece of the Ryuk ransomware , the company temporary limited communications with its customers to avoid the malware spreading.

Ransomware

Ransomware Cybersecurity Telecommunications Advertising

WIP19, a new Chinese APT targets IT Service Providers and Telcos

Security Affairs

OCTOBER 14, 2022

Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. ” continues the report.

Telecommunications

Telecommunications Malware Hacking Information Security

Chinese APT Weaver Ant infiltrated a telco in Asia for over four years

Security Affairs

MARCH 24, 2025

China-linked APT Weaver Ant infiltrated the network of a telecommunications services provider for over four years. Sygnia attributes its activities to China based on the use of Zyxel routers operated by Southeast Asian telecommunication providers, backdoors linked to Chinese groups, and operations during GMT +8 business hours.

Telecommunications

Telecommunications Encryption Accountability Firewall

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 15, 2025

custody in exchange for Marc Fogel North Korea-linked APT Emerald Sleet is using a new tactic U.S.

Spyware

Spyware Firewall Artificial Intelligence Malware

Sandman APT targets telcos with LuaDream backdoor

Security Affairs

SEPTEMBER 22, 2023

A previously undocumented APT dubbed Sandman targets telecommunication service providers in the Middle East, Western Europe, and South Asia. SentinelLabs clarified that LuaJIT is used by the attackers as an attack vector and is used to install additional malware in the target infrastructure. ” continues the report.

Telecommunications

Telecommunications Malware Hacking Risk

APT group targets high profile networks in Central Asia

Security Affairs

MAY 16, 2020

Antivirus firms have uncovered and foiled an advanced cyber espionage campaign aimed at a governmental institution and two companies in the telecommunications and gas sector. The security firm ESET and Avast first detected the attacks since September and January respectively. SecurityAffairs – Microcin malware, hacking).

Telecommunications

Telecommunications Malware Advertising Antivirus

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs

APRIL 13, 2022

Microsoft dismantled the C2 infrastructure used by the ZLoader trojan with the help of telecommunications providers around the world and cybersecurity firms. ” Zloader is a banking malware that has been active at least since 2016, it borrows some functions from the notorious Zeus 2.0.8.9 To nominate, please visit:?

Banking

Banking Malware Telecommunications Antivirus

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 1, 2024

CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog Thai police arrested Chinese hackers involved in SMS blaster attacks Zyxel firewalls targeted in recent ransomware attacks Malware campaign abused flawed Avast Anti-Rootkit driver Russia-linked APT TAG-110 uses targets Europe and Asia Russia-linked threat (..)

Cybercrime

Cybercrime Firewall Social Engineering Ransomware

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

SEPTEMBER 26, 2024

In July, Cisco fixed an actively exploited NX-OS zero-day that was exploited to install previously unknown malware as root on vulnerable switches. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. reads the report published by Sygnia.

Internet

Internet Internet DNS Telecommunications

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by the group since 2019. The group hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. ” concludes the report.

Banking

Banking Telecommunications System Administration Hacking

FIN11 gang started deploying ransomware to monetize its operations

Security Affairs

OCTOBER 18, 2020

Since August, FIN11 started targeting organizations in many industries, including defense, energy, finance, healthcare, legal, pharmaceutical, telecommunications, technology, and transportation. Researchers from FireEye’s Mandiant observed FIN11 hackers using spear-phishing messages distributing a malware downloader dubbed FRIENDSPEAK.

Ransomware

Ransomware Malware Telecommunications Advertising

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Security Affairs

DECEMBER 30, 2020

T-Mobile discovered that the attackers had access to the CPNI (Customer Proprietary Network Information). Customer proprietary network information (CPNI) is the data collected by telecommunications companies about a consumer’s telephone calls. The telecommunication giant is in the process of notifying impacted customers.

Data breaches

Data breaches Mobile Telecommunications Wireless

A powerful DDoS attack hit Hungarian banks and telecoms services

Security Affairs

SEPTEMBER 26, 2020

Hungarian financial institutions and telecommunications infrastructure were hit by a powerful DDoS attack originating from servers in Russia, China and Vietnam. A powerful DDoS attack hit some Hungarian banking and telecommunication services that briefly disrupted them.

DDOS

DDOS Banking Telecommunications Advertising

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Trending Sources

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

China-linked hackers target telecommunication providers in the Middle East

Black Basta ransomware gang hit BT Group

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Cuttlefish malware targets enterprise-grade SOHO routers

Watch out, WAPDropper malware could subscribe you to premium services

China-linked Moshen Dragon abuses security software to sideload malware

China-linked APT41 group targets telecommunications companies with new backdoor

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Thai police arrested Chinese hackers involved in SMS blaster attacks

Nobelium APT uses new Post-Compromise malware MagicWeb

China-linked LightBasin group accessed calling records from telcos worldwide

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

China-linked APT UNC3886 targets EoL Juniper routers

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

Nobelium continues to target organizations worldwide with custom malware

Raspberry Robin malware used in attacks against Telecom and Governments

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Purple Lambert, a new malware of CIA-linked Lambert APT group

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Metador, a never-before-seen APT targeted ISPs and telco for about 2 years

Operation GhostShell: MalKamak APT targets aerospace and telco firms

US and UK details a new Python backdoor used by MuddyWater APT group

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

A Ransomware infected the network of the cybersecurity firm Prosegur

WIP19, a new Chinese APT targets IT Service Providers and Telcos

Chinese APT Weaver Ant infiltrated a telco in Asia for over four years

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Sandman APT targets telcos with LuaDream backdoor

APT group targets high profile networks in Central Asia

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Caketap, a new Unix rootkit used to siphon ATM banking data

FIN11 gang started deploying ransomware to monetize its operations

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

A powerful DDoS attack hit Hungarian banks and telecoms services

Stay Connected