Information Security, Telecommunications and VPN

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications

Telecommunications Authentication Data collection Passwords

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Security Affairs

FEBRUARY 16, 2020

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. SecurityAffairs – Fox Kitten campaign, VPN ). Pierluigi Paganini.

VPN

VPN Advertising Telecommunications Hacking

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. Through forensic analysis of the memory sample, Volexity was able to recreate two proof-of-concept exploits that allowed full unauthenticated command execution on the ICS VPN appliance.

VPN

VPN Authentication Small Business Telecommunications

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. Targets span across the globe, they include both small businesses and large organizations. The experts published the Yara rule for the detection of similar KrustyLoader samples.

VPN

VPN Malware Authentication Small Business

The Russian Government blocked ProtonMail and ProtonVPN

Security Affairs

FEBRUARY 2, 2020

The p opular ProtonMail end-to-end encrypted email service and ProtonVPN VPN service have been blocked by the Russian government this week. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service.

Government

Government VPN Telecommunications Advertising

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 1, 2024

Soldier Major cybercrime operation nets 1,006 suspects UK hospital network postpones procedures after cyberattack Tether Has Become a Massive Money Laundering Tool for Mexican Drug Traffickers, Feds Say Florida Telecommunications and Information Technology Worker Sentenced for Conspiring to Act as Agent of Chinese Government Rockstar 2FA: A Driving (..)

Cybercrime

Cybercrime Firewall Social Engineering Ransomware

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 15, 2025

Sorry, It’s Windows Malware Malware Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach Google Tag Manager Skimmer Steals Credit Card Info From Magento Site From South America to Southeast Asia: The Fragile Web of REF7707 Deep Learning-Driven Malware Classification with API Call Sequence Analysis and Concept Drift Handling Hacking (..)

Spyware

Spyware Firewall Artificial Intelligence Malware

Nobelium continues to target organizations worldwide with custom malware

Security Affairs

DECEMBER 6, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. The Nobelium cyberspies is using a new custom downloader tracked by the researchers as CEELOADER. ” reads the report published by Mandiant.

Malware

Malware VPN Telecommunications Accountability

The Best Ways to Secure Communication Channels in The Enterprise Environment

CyberSecurity Insiders

DECEMBER 12, 2021

ProtonMail comes with PGP fully integrated, thus allowing you to send sensitive information securely without any extra effort. Just select the right app, create a secure channel, and you are good to go. VPNs or Virtual Private Networks give you a secure platform where you can get a secure tunnel to send and receive information.

VPN

VPN Passwords Encryption Mobile

Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders

Security Affairs

MARCH 11, 2022

Their scope of interests include – major telecommunications companies such as Claro, Telefonica and AT&T. Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted.

Ransomware

Ransomware Telecommunications Technology VPN

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. ” reads the warning published by Microsoft.

Telecommunications

Telecommunications DNS Malware Advertising

Lapsus$ gang claims to have hacked Microsoft source code repositories

Security Affairs

MARCH 21, 2022

Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted.

Hacking

Hacking InfoSec Telecommunications Cybercrime

Social media partially disrupted in Cuba amid anti-government protests

Security Affairs

JULY 13, 2021

AS27725) including Cubacel, the cellular network operated by Cuba’s sole telecommunications company.” VPN services have yet to be blocked in the country, allowing citizens to bypass internet censorship. NetBlocks reported that similar partial disruption was observed last year during the San Isidro protests in Havana.

Media

Media Government Internet Internet

T-Mobile confirms Lapsus$ had access its systems

Security Affairs

APRIL 23, 2022

Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. In most cases, this involved social engineering employees at the targeted firm into adding one of their computers or mobiles to the list of devices allowed to authenticate with the company’s virtual private network (VPN).”

Mobile

Mobile VPN Social Engineering Telecommunications

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Security Affairs

JANUARY 14, 2022

The gang was also providing VPN-like services used by other cybercriminal organizations to carry out malicious activities used to deliver malware to the target organization. Source SSU. The law enforcement arrested the leader of the group, a 36-year-old man that lives in Kyiv, along with his wife and three other acquaintances.

Ransomware

Ransomware DDOS Telecommunications Malware

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources. The experts noticed that the infection chain was distinct, with 99% of infections originating in Turkey, primarily from two major telecommunications providers.

Malware

Malware DNS Authentication Telecommunications

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Security Affairs

MARCH 23, 2022

virtual private network (VPN), remote desktop protocol (RDP), virtual desktop infrastructure (VDI) including Citrix, or Identity providers (including Azure Active Directory, Okta)). Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. ” continues the analysis.

Accountability

Accountability VPN Social Engineering Hacking

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

China-linked threat actors have breached telecommunications companies and network service providers to spy on the traffic and steal data. US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers.

Telecommunications

Telecommunications Authentication Passwords Accountability

Lapsus$ extortion gang claims to have stolen sensitive data from Okta

Security Affairs

MARCH 22, 2022

Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted.

Telecommunications

Telecommunications Data breaches Hacking VPN

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

The Chinese APT is known to be focused on telecommunications companies operating across Asia, Europe and Africa. Alloy Taurus is known for leveraging the SoftEther VPN service to facilitate access and maintain persistence to their targeted network.

Malware

Malware Telecommunications Government VPN

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In December 2023, Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar.

Energy and Utilities

Energy and Utilities Telecommunications Technology Government

Russia’s watchdog Roskomnadzor threatens to fine Twitter and Facebook

Security Affairs

FEBRUARY 2, 2020

Russia’s telecommunications watchdog Roskomnadzor has instituted administrative proceedings against Facebook and Twitter after they refused to store data of Russian users on servers located in the country. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service.

Telecommunications

Telecommunications VPN Advertising Government

Lapsus$ extortion gang leaked the source code for some Microsoft projects

Security Affairs

MARCH 22, 2022

Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted.

Cybercrime

Cybercrime Telecommunications VPN Hacking

What to do if your company was mentioned on Darknet?

SecureList

DECEMBER 12, 2023

To find out, in 2022 we created a list of 700 companies worldwide from different industries: industrial, telecommunication, financial, retail, and others. In the case of leakage, there is no time to regret your unrealized security controls or not conducted information security training. And what you should do with it?

Data breaches

Data breaches Accountability Telecommunications Malware

Ransomware world in 2021: who, how and why

SecureList

MAY 12, 2021

Hackers who are on the lookout for publicly disclosed vulnerabilities (1-days) in internet facing software, such as VPN appliances or email gateways. Access sellers. As soon as such a vulnerability is disclosed, they compromise as many affected servers as possible before the defenders have applied the corresponding updates.

Ransomware

Ransomware Encryption Malware Cybercrime

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Security Affairs

DECEMBER 14, 2020

Nation-state actors, allegedly Russia-linked hacked, have compromised the networks of several US government agencies, including the US Treasury, the Commerce Department’s National Telecommunications and Information Administration (NTIA). The hack allowed the threat actors to spy on the internal email traffic. through 2020.2.1

Hacking

Hacking Software Telecommunications Government

Group-IB Hi-Tech Crime Trends 2020/2021 report

Security Affairs

NOVEMBER 25, 2020

Group-IB’s report Hi-Tech Crime Trends 2020/2021 examines various aspects of cybercrime industry operations and predicts changes to the threat landscape for various sectors, namely the financial industry, telecommunications, retail, manufacturing, and the energy sector. downloaders), and new types of botnets (brute-force botnets).

Banking

Banking Ransomware Phishing Marketing

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

The government agencies released a guide that advises telecom and critical infrastructure defenders on best practices to strengthen network security against PRC-linked and other cyber threats. Enhancing secure logging, isolating device management, and enforcing strict access control lists (ACLs) are key strategies.

Telecommunications

Telecommunications Government Mobile Cyber threats

China-linked APT Salt Typhoon has breached telcos in dozens of countries

Security Affairs

DECEMBER 4, 2024

China-linked APT group Salt Typhoon has breached telecommunications companies in dozens of countries, US govt warns. President Biden’s deputy national security adviser Anne Neuberger said that China-linked APT group Salt Typhoon has breached telecommunications companies in dozens of countries. reads the joint advisory.

Telecommunications

Telecommunications Government Mobile Cyber threats

Cyber Security Informer

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Trending Sources

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

The Russian Government blocked ProtonMail and ProtonVPN

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Nobelium continues to target organizations worldwide with custom malware

The Best Ways to Secure Communication Channels in The Enterprise Environment

Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders

GALLIUM Threat Group targets global telcos, Microsoft warns

Lapsus$ gang claims to have hacked Microsoft source code repositories

Social media partially disrupted in Cuba amid anti-government protests

T-Mobile confirms Lapsus$ had access its systems

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Cuttlefish malware targets enterprise-grade SOHO routers

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

China-linked threat actors have breached telcos and network service providers

Lapsus$ extortion gang claims to have stolen sensitive data from Okta

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

FBI chief says China is preparing to attack US critical infrastructure

Russia’s watchdog Roskomnadzor threatens to fine Twitter and Facebook

Lapsus$ extortion gang leaked the source code for some Microsoft projects

What to do if your company was mentioned on Darknet?

Ransomware world in 2021: who, how and why

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Group-IB Hi-Tech Crime Trends 2020/2021 report

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

China-linked APT Salt Typhoon has breached telcos in dozens of countries

Stay Connected