Autosummary:
Netlock is a significant Hungarian provider of digital certification services (electronic signatures, timestamping, and TLS/SSL certificates), best known for its Arany (Gold Class) Root CA, which is widely used in Hungary and other European countries.
“The personal information that has been confirmed to have been leaked so far is a total of 25 types, including users’ mobile phone numbers, IMSI (subscriber identification number), SIM authentication keys, and other SIM-related information that were stored in HSS*.” The company offers cellular service, along with 5G development, AI services, IoT solutions, cloud computing, and smart city infrastructure.
This breach allowed attackers to steal data that included IMSI, USIM authentication keys, network usage data, and SMS/contacts stored in the SIM.
Cellcom initially claimed the disruption was caused by a technical issue, stating that data services, iMessage, RCS messaging, and 911 emergency services remained operational.
Below is the infection chain and malware used by the group: Earth Kurma used tools like NBTSCAN, Ladon, FRPC, WMIHACKER, and ICMPinger for lateral movement, network scanning, and malware deployment. Threat actors use custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a high business risk with advanced evasion techniques.
Compromised data includes full names, contact details, ID numbers, banking information, driver’s license numbers, medical records and passport details.
In October, the FBI and CISA confirmed that the Chinese state hackers had breached multiple telecom providers (including AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream) and many other telecom companies in dozens of countries.
Although no customer names, birth dates, or financial details were leaked, the information identifying SIM cards is considered highly sensitive, as it could permit a determined criminal to hijack victims’ phone numbers in a “SIM swap” attack.
South African telecom provider Cell C disclosed a data breach following a cyberattack. Pierluigi Paganini, April 14, 2025. Cell C, one of the biggest telecom providers in South Africa, confirms a data breach following a 2024 cyberattack.
Key NIST Frameworks for Compliance: NIST offers multiple cybersecurity frameworks, but the most relevant for service providers include the NIST Cybersecurity Framework (CSF 2.0), a flexible, risk-based framework designed for businesses of all sizes and industries. For service providers, achieving NIST compliance means enhanced security: an improved ability to identify, assess, and mitigate cybersecurity risks. Step-by-Step Guide to Achieving NIST Compliance: As mentioned above, achieving NIST compliance for clients presents numerous challenges for service providers, making the process complex and daunting. Limited budgets are a frequent obstacle for many organizations, making it essential to focus on high-impact controls, leverage open-source tools, and automate compliance tasks to manage costs effectively.
Pierluigi Paganini, March 27, 2025. Arkana Security, a new ransomware group, claims to have breached the telecommunications provider WideOpenWest (WOW!). Arkana claimed to have breached WOW!’s internal systems, including the AppianCloud and Symphonica platforms. “A major cyber attack reaps Wide Open West (WOW!), a leading Internet Service Provider with over 1.5 million customers.
Coinciding with the MSS statement, Chinese cybersecurity firms QiAnXin and Antiy have detailed spear-phishing attacks orchestrated by a Taiwanese threat actor codenamed APT-Q-20 (aka APT-C-01, GreenSpot, Poison Cloud Vine, and White Dolphin) that lead to the delivery of a C++ trojan and command-and-control (C2) frameworks like Cobalt Strike and Sliver.
As the operation matured, Weaver Ant introduced a more advanced, custom-built web shell known as INMemory, which leverages a DLL (eval.dll) for stealthy ‘just-in-time code execution.’
The China Chopper web shell, originally developed by Chinese threat actors, enables remote access and control over compromised web servers, facilitating persistent access, command execution, and data exfiltration. These commands included: ‘Get-DomainUserEvent’, ‘Get-DomainSubnet’, ‘Get-DomainUser’, ‘Get-NetSession’ etc.
By offering proactive compliance monitoring with Compliance Manager GRC, you can:
✅ Help clients avoid fines and security risks
✅ Automate compliance reporting and streamline audits
✅ Expand their service offerings and increase revenue
✅ Build long-term relationships with businesses in need of compliance expertise
With compliance regulations only getting stricter, MSPs that invest in continuous compliance solutions today will be well-positioned for long-term success. New Features That Make Compliance Manager GRC Even More Powerful: Compliance Monitor (Continuous Compliance Monitoring) enables automated, ongoing compliance monitoring, ensuring MSPs and their clients stay compliant with minimal manual effort. How MSPs Can Implement Continuous Compliance Monitoring: To successfully offer compliance monitoring, you should leverage automated compliance tools, using platforms like Compliance Manager GRC that provide real-time compliance assessments and reporting. Together, Compliance Monitor and Risk Manager make Compliance Manager GRC a no-brainer for MSPs looking to save time, reduce risk, and turn compliance into a high-value service. (Javier Dugarte, VP of Sales and Operations, GoCloud Inc.) With Compliance Manager GRC, MSPs can turn compliance into a competitive advantage, securing high-value clients and unlocking new revenue streams.
Denmark warns of increased state-sponsored campaigns targeting European telcos. Pierluigi Paganini, March 16, 2025. Denmark’s cybersecurity agency warns of increased state-sponsored campaigns targeting European telecom companies. Denmark raised the cyber espionage threat level for its telecom sector from medium to high due to rising threats across Europe. The Danish telecom sector faces multiple cyber threats: espionage, destructive attacks (MEDIUM), cyber activism (HIGH), and criminal hackers (VERY HIGH), including ransomware. In February 2025, Cisco Talos researchers reported that the China-linked APT group Salt Typhoon uses a custom-built utility, dubbed JumbledPath, to spy on network traffic of U.S. telecommunication providers.
Potentially exposed information includes contract number, customer name (contract name), name of customer contact, telephone number, email address, postal address, and information related to service use.
Founded in 1989, LANIT offers a wide range of IT solutions, including system integration, software development, cybersecurity, cloud services, and IT consulting.
"In addition, we have observed the threat actor capturing SNMP, TACACS, and RADIUS traffic, including the secret keys used between network devices and TACACS/RADIUS servers," Talos noted.
These attacks have targeted well-known manufacturers, including Fortinet, Barracuda, SonicWall, Check Point, D-Link, Cisco, Juniper, NetGear, and Sophos.
Cisco reported that Salt Typhoon used stolen credentials, captured network configs, and intercepted SNMP, TACACS, and RADIUS traffic to gather more credentials for further access. Salt Typhoon used custom malware JumbledPath to spy on U.S. telecom providers. Pierluigi Paganini, February 20, 2025. The China-linked cyber espionage group Salt Typhoon uses custom malware JumbledPath to spy on U.S. telecom providers. The China-linked APT group is still targeting telecommunications providers worldwide, and according to a report recently published by Recorded Future’s Insikt Group, the threat actors have breached more U.S. telecommunications providers by exploiting unpatched Cisco IOS XE network devices.
China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws. Pierluigi Paganini, February 14, 2025. China-linked APT Salt Typhoon has breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices. “The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s (ASD’s)
Last week, the Treasury announced that the operation was conducted by “Silk Typhoon” (a.k.a. Hafnium), a team of skilled cyberspies who target a broad range of organizations in the U.S., Japan, Australia, and Vietnam.
Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technologies, told reporters that the hackers breached nine U.S. carriers (including Windstream, Charter, and Consolidated Communications) and telecom companies in dozens of other countries.
China-linked Salt Typhoon APT compromised more US telecoms than previously known. Pierluigi Paganini, January 06, 2025. The China-linked Salt Typhoon group that breached multiple US telecoms compromised more firms than previously known, WSJ says.
Signal nominated as secure messaging alternative: In today’s advisory, CISA recommends switching to an end-to-end encrypted messaging application, naming Signal as an alternative for mobile communication across multiple mobile (iOS, Android) and desktop (macOS, Windows, and Linux) platforms.
Also tracked as Earth Estries, Ghost Emperor, FamousSparrow, and UNC2286, the Salt Typhoon Chinese state-sponsored hacking group has been active since at least 2019, breaching government entities and telecom companies across Southeast Asia. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449). Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448) may allow remote attackers to achieve code execution on the VSPC server machine. December 2024 Patch Tuesday forecast: The secure future initiative impact. It seems like 2024 just started, but the final Patch Tuesday of …
The post Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast appeared first on Help Net Security.
Building trust in tokenized economies: In this Help Net Security video, Jeremy Bradley, COO of Zama, explores the emerging privacy-preserving technologies that can help solve this challenge, focusing on Fully Homomorphic Encryption (FHE), which enables data to remain encrypted even during processing, positioning it as a potential cornerstone for secure, decentralized environments. Securing AI’s new frontier: Visibility, governance, and mitigating compliance risks: In this Help Net Security interview, Niv Braun, CEO at Noma Security, discusses the difficulties security teams face due to the fragmented nature of AI processes, tools, and teams across the data and AI lifecycle. New infosec products of the week: December 6, 2024: Here’s a look at the most interesting products from the past week, featuring releases from Datadog, Fortinet, Radiant Logic, Sweet Security, Tenable, and Veza. FBI and Cybersecurity and Infrastructure Security Agency (CISA) officials have advised Americans to use encrypted call and messaging apps to protect their communications from threat actors that have – and will – burrow into the networks and systems of US telecommunication companies. NBC News reported that the advice was given during a conference call with the media on Tuesday, during which the official also shared that the compromise of the networks of multiple US telcos …
The post 8 US telcos compromised, FBI advises Americans to use encrypted communications appeared first on Help Net Security.
"Sosa" and "Elijah," of Palm Coast, Florida; Evans Onyeaka Osiebo, 20, of Dallas, Texas; Joel Martin Evans, 25, a.k.a. "joeleoli," of Jacksonville, North Carolina; Tyler Robert Buchanan, 22, of the United Kingdom.
In September, the Wall Street Journal reported that China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor) breached U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data. China-linked APT Salt Typhoon has breached telcos in dozens of countries. Pierluigi Paganini, December 05, 2024. China-linked APT group Salt Typhoon has breached telecommunications companies in dozens of countries, US govt warns. “Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders.”
Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks. Pierluigi Paganini, December 04, 2024. Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks in a joint advisory.
Released with the FBI, the NSA, and international partners, this joint advisory includes tips on hardening network security to shrink the attack surface targeted by the Chinese state hackers, including unpatched devices, vulnerable services exposed to online access, and generally less-secured environments. Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448) may allow remote attackers to achieve code execution on the VSPC server machine. The vulnerabilities: Veeam Service Provider Console is a cloud-enabled platform that allows enterprises to manage and monitor backup operations across their offices. It’s also used by service providers to deliver Backup-as-a-Service (BaaS) and Disaster Recovery-as-a-Service (DRaaS) services to customers. The solution uses management agents to interact with …
The post Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449) appeared first on Help Net Security.
Other hardening best practices highlighted in today’s advisory include: patching and upgrading devices promptly; disabling all unused, unauthenticated, or unencrypted protocols; limiting management connections and privileged accounts; using and storing passwords securely; and using only strong cryptography.
Victims have been identified across over a dozen countries, including Afghanistan, Brazil, Eswatini, India, Indonesia, Malaysia, Pakistan, the Philippines, South Africa, Taiwan, Thailand, the U.S., and Vietnam.
CVE-2023-46805, CVE-2024-21887 (Ivanti Connect Secure VPN); CVE-2023-48788 (Fortinet FortiClient EMS); CVE-2022-3236 (Sophos Firewall); CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 (Microsoft Exchange – ProxyLogon). Salt Typhoon uses LOLbin tools for intelligence gathering and lateral network movement in the post-compromise phase. According to Trend Micro, Salt Typhoon has attacked telecommunications, government entities, technology, consulting, chemicals, and transportation sectors in the U.S., Asia-Pacific, Middle East, South Africa, and other regions. Attribution diagram (Source: Trend Micro). Salt Typhoon’s global campaigns: Salt Typhoon (aka "Earth Estries", "GhostEmperor", or "UNC2286") is a sophisticated hacking group that has been active since at least 2019 and typically focuses on breaching government entities and telecommunications companies.
Some of the custom tools in its arsenal are SIGTRANslator, CordScan, and PingPong, which come with the following capabilities: SIGTRANslator, a Linux ELF binary designed to send and receive data using SIGTRAN protocols; CordScan, a network-scanning and packet-capture utility containing built-in logic to fingerprint and retrieve data relating to common telecommunication protocols from infrastructure such as the Serving GPRS Support Node (SGSN).
The second infection sequence, in contrast, is a lot more sophisticated, with the threat actors abusing susceptible Microsoft Exchange servers to implant the China Chopper web shell, which is then used to deliver Cobalt Strike, Zingdoor, and Snappybee (aka Deed RAT), a suspected successor to the ShadowPad malware. In August 2023, the spy crew was linked to a series of attacks aimed at government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S. Analysis shows that the threat actors have methodically crafted their payloads and made use of an interesting combination of legitimate and bespoke tools and techniques to bypass defenses and maintain access to their targets.
“T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,” a company spokeswoman told WSJ.
After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed the success of the attacks, which were part of a “broad and significant cyber espionage campaign.” “Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private …
The post FBI confirms China-linked cyber espionage involving breached telecom providers appeared first on Help Net Security.
In August, Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda, Daggerfly, and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations. Cisco addressed an NX-OS zero-day, tracked as CVE-2024-20399 (CVSS score of 6.0), that the China-linked group Velvet Ant exploited to deploy previously unknown malware as root on vulnerable switches.
Still, its statement aims to remind important organizations in the country to implement strict security measures, including multi-factor authentication protection, logging, traffic monitoring, and anti-phishing training.
“No passwords”, “no bank cards”, “no content of communications (emails, SMS, voice messages, etc.)” are affected by this attack, the date and extent of which have not been specified, the company added.
Patelco Credit Union data breach impacted over 1 million people. Pierluigi Paganini, September 30, 2024. The ransomware attack on Patelco Credit Union this summer led to a data breach affecting over 1 million individuals, the company revealed.
“The threat actor was attempting to steal all data stored in the active directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more.” Since May 2020, over 200,000 devices, including SOHO routers, NVR/DVR devices, NAS servers, and IP cameras, have been compromised and added to the Raptor Train botnet, making it one of the largest China-linked IoT botnets discovered. Macma is a modular backdoor that supports multiple functionalities, including device fingerprinting, executing commands, screen capture, keylogging, audio capture, and uploading and downloading files.
Pierluigi Paganini, September 24, 2024. Israel has been sending text messages, recordings, and hacking radio networks to warn Lebanese citizens to evacuate certain areas.
It offers a wide range of financial services, including checking and savings accounts, loans, credit cards, investment services, and insurance plans.
They deployed custom keylogging malware, port scanning tools, credential theft through the dumping of registry hives, and a publicly available tool known as Responder that acts as a Link-Local Multicast Name Resolution (LLMNR), NetBIOS Name Service (NBT-NS) and multicast DNS (mDNS) poisoner, and they enabled RDP. China-linked spies target Asian telcos since at least 2021. Pierluigi Paganini, June 20, 2024. A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021.
“Based on our investigation, we have determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information,” reads the Form 10-Q (quarterly report of financial performance) filed by the company with the SEC in May.
The FCC fined AT&T, Sprint, T-Mobile, and Verizon a total of almost $200 million for “illegally sharing access to customers’ location information without consent and without taking reasonable measures to protect that information against unauthorized disclosure.”
The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data. Pierluigi Paganini, April 30, 2024. The Federal Communications Commission (FCC) fined the largest U.S. wireless carriers $200 million for sharing customers’ real-time location data without consent. The Federal Communications Commission (FCC) fined the nation’s largest wireless carriers for illegally sharing access to customers’ location information without consent and without taking reasonable measures to protect that information against unauthorized disclosure. Wireless carriers shared access to customers’ location data: Sprint and T-Mobile – which have merged since the investigation began – face fines of more than $12 million and $80 million, respectively. AT&T is fined more than $57 million, and Verizon is fined …
The post FCC fines major wireless carriers over illegal location data sharing appeared first on Help Net Security.
Wireless carriers continued to sell access to location data. The investigations that led to these fines started following public reports that customers’ location information was being disclosed by the largest American wireless carriers, without customer consent or other legal authorization, to a Missouri Sheriff through a “location-finding service” operated by Securus, a provider of communications services to correctional facilities, to track the location of numerous individuals.
During the investigation, the FCC’s Enforcement Bureau found that each of the four mobile carriers sold their customers’ real-time location data to "aggregators," who then resold this information to dozens of third-party location-based service providers, revealing where the customers were going and who they were.
"Malicious models represent a major risk to AI systems, especially for AI-as-a-service providers because potential attackers may leverage these models to perform cross-tenant attacks," Wiz researchers Shir Tamari and Sagi Tzadik said.
"AcidPour’s expanded capabilities would enable it to better disable embedded devices including networking, IoT, large storage (RAIDs), and possibly ICS devices running Linux x86 distributions," security researchers Juan Andres Guerrero-Saade and Tom Hegel said.
New GTPDOOR backdoor is designed to target telecom carrier networks. Pierluigi Paganini, March 04, 2024. Researcher HaxRob discovered a previously undetected Linux backdoor named GTPDOOR, designed to target telecom carrier networks. “GTPDOOR is a "magic/wakeup" packet backdoor that uses a novel C2 transport protocol: GTP (GPRS Tunnelling Protocol), silently listening on the GRX network (1/n) 🧵” — HaxRob (@haxrob), February 28, 2024. The researcher believes that the threat actors behind GTPDOOR focus on systems proximate to the GPRS Roaming eXchange (GRX), such as SGSN, GGSN, and P-GW. Both binaries targeted a very old Red Hat Linux version.
MSPs continue to be a prime target in cyber attacks, and as we’ve seen in this case study, attackers are in it for the long haul, able to remain undetected for several months after compromising a network. The attacker’s use of legitimate tools such as TeamViewer, ScreenConnect, and PowerShell in their months-long attack on the MSP underscores a key theme we’ve been writing about on the blog recently: attackers are increasingly relying on LOTL techniques in their attacks to avoid detection.
230K individuals impacted by a data breach suffered by telco provider Tangerine. Pierluigi Paganini, February 23, 2024. Australian telecommunications provider Tangerine disclosed a data breach that impacted roughly 230,000 individuals.
The updated data breach reporting rules aim to ensure that "providers of telecommunications, interconnected Voice over Internet Protocol (VoIP), and telecommunications relay services (TRS) are held accountable in their obligations to safeguard sensitive customer information, and to provide customers with the tools needed to protect themselves in the event that their data is compromised."
Affected hospitals include:
Azuga Orthopaedics and Traumatology Hospital
Băicoi City Hospital
Buzău County Emergency Hospital
C.F. Clinical Hospital no. 2 Bucharest
Colțea Clinical Hospital
Emergency County Hospital “Dr. Constantin Opriș” Baia Mare
Emergency Hospital for Plastic, Reconstructive and Burn Surgery Bucharest
Fundeni Clinical Institute
Hospital for Chronic Diseases Sf.
Previously, Sea Turtle, also known as Teal Kurma and Cosmic Wolf, focused on the Middle Eastern region, as well as Sweden and the United States, using techniques like DNS hijacking and traffic redirection to perform man-in-the-middle attacks against government and non-government organizations, media, ISPs, and IT service providers.
The group targets government entities, Kurdish (political) groups like PKK, telecommunications, ISPs, IT-service providers (including security companies), NGOs, and the Media & Entertainment sector. Over the years, the group has enhanced its evasion capabilities.
To mitigate the risks posed by such attacks, it’s advised that organizations enforce strong password policies, implement two-factor authentication (2FA), rate limit login attempts to reduce the chances of brute-force attempts, monitor SSH traffic, and keep all systems and software up-to-date.
In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred, CaddyWiper, HermeticWiper, Industroyer2, IsaacWiper, WhisperGate, Prestige, RansomBoggs, and ZeroWipe.
Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania. Pierluigi Paganini, December 29, 2023. Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania, a government agency reported. “Yesterday, on December 25, AKCESK was notified of cyber attacks that occurred on the ONE telephone company and the Assembly of the Republic of Albania,” reads the announcement published by AKCESK.
The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under the name Seedworm, which is also tracked under the monikers Boggy Serpens, Cobalt Ulster, Earth Vetala, ITG17, Mango Sandstorm (formerly Mercury), Static Kitten, TEMP.Zagros, and Yellow Nix.
KillMilk has since announced that he was retiring, and appointed a new leader, "Deanon Club," who has claimed that "there will be a large-scale recruitment for the KillNet team, on all fronts" with the goal of striking government financial facilities, encryption firms, and the gambling sector.
The official website is offline, but the company informed subscribers via its social media channels that it was targeted by hackers this morning, causing a technical failure that impacts mobile communications and internet access.
Kyivstar, Ukraine’s largest mobile carrier, brought down by a cyber attack. Pierluigi Paganini, December 12, 2023. Kyivstar, the largest Ukrainian service provider, was hit by a cyber attack that paralyzed its services. “This morning we became the target of a powerful cyber attack that caused a technical failure that led to temporarily unavailable services: 🔸 mobile connection; 🔸 Internet access.
Threat actors could propagate the threat by exploiting vulnerabilities in Internet-facing systems, conducting credential brute force attacks, and tricking victims into downloading deceptive packages or binaries (i.e., files masquerading as product updates) from untrustworthy third-party sources.
"We understand the importance of proactive and fluid communication in the face of incidents, therefore, in accordance with what we previously discussed on the phone, I would like to inform you that we are experiencing a partial impact on services as a result of a cybersecurity incident," reads a GTD security incident notification. On the morning of October 23rd, GTD suffered a cyberattack that impacted numerous services, including its data centers, internet access, and Voice-over-IP (VoIP).
"Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine since May 2023. The Russia-linked APT group Sandworm (UAC-0165) compromised eleven telecommunication service providers in Ukraine between May and September 2023, Ukraine’s Computer Emergency Response Team (CERT-UA) reported. According to public sources, the threat actors targeted ICS of at least […]
The post Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers appeared first on Security Affairs.
"Autosummary:
In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred, CaddyWiper, HermeticWiper, Industroyer2, IsaacWiper, WhisperGate, Prestige, RansomBoggs, and ZeroWipe. "Autosummary:
Additionally, the attackers use tools like "ffuf", "dirbuster", "gowitness", and "nmap" to find potential vulnerabilities in web services that can be exploited to gain access. "A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. Cybersecurity company Check Point uncovered a malicious activity, tracked as Stayin’ Alive, that is targeting high-profile government and telecom entities in Asian countries, including Vietnam, Uzbekistan, Pakistan, and Kazakhstan. The campaign has been active since at least 2021; the threat actors employed downloaders […]
The post Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT? appeared first on Security Affairs.
"Autosummary:
Cybersecurity company Check Point uncovered a malicious activity, tracked as Stayin’ Alive, that is targeting high-profile government and telecom entities in Asian countries, including Vietnam, Uzbekistan, Pakistan, and Kazakhstan. Pierluigi Paganini October 13, 2023 A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. "Autosummary:
Check Point reports that "Stayin’ Alive" uses various samples and variants of these loaders and payloads, often tailored to specific regional targets (language, filenames, themes). "Autosummary:
A closer examination of the command-and-control (C2) infrastructure has revealed a constantly evolving arsenal of loader variants dubbed CurLu, CurCore, and CurLog that are capable of receiving DLL files, executing remote commands, and launching a process associated with a newly generated file to which data from the server is written. "The European Telecommunications Standards Institute (ETSI) disclosed a data breach: threat actors had access to a database of its users. Threat actors stole a database containing the list of users of the portal of the European Telecommunications Standards Institute (ETSI). The European Telecommunications Standards Institute is an independent, not-for-profit organization based in Europe. The organization […]
The post European Telecommunications Standards Institute (ETSI) suffered a data breach appeared first on Security Affairs.
"Autosummary:
The organization focuses on developing global standards for information and communications technology (ICT) and telecommunications, such as: GSM™, TETRA, 3G, 4G, 5G, DECT™. "Autosummary:
Budworm, also referred to by the names APT27, Bronze Union, Emissary Panda, Iron Tiger, Lucky Mouse, and Red Phoenix, is known to be active since at least 2013, targeting a wide range of industry verticals in pursuit of its intelligence gathering goals. "Autosummary:
"In total, the company has about four hundred clients; a quarter of them are banks, and the rest are credit institutions and car dealerships. "As the digital revolution changes the claims process, both carriers and customers are increasingly concerned about data privacy, according to LexisNexis Risk Solutions. More than 60% of consumers have concerns over the security of their personally identifiable information when they submit virtual claims. Carriers, meanwhile, are worried about the actual cost of fraud, which can be four times the value of the fraudulent transaction and can damage a carrier’s reputation. “Virtual or self-service claims have been … More
The post Virtual claims raise alarms among insurance carriers and customers appeared first on Help Net Security.
"Autosummary:
Leaders are adopting a proactive, multi-layered approach that can include verifying PII, such as name, address and date of birth; using multi-factor or knowledge-based authentication methods, such as one-time passwords, multi-factor authentication or quizzes; using real-time digital risk signals, such as device and email intelligence, behavioral biometrics, link analysis or risk scoring; and using native device biometrics, consortium-based fraud scores or continuous monitoring. "Russian APT group Nomadic Octopus hacked a Tajikistani carrier to spy on government officials and public service infrastructures. Russian cyber espionage group Nomadic Octopus (aka DustSquad) has hacked a Tajikistani telecoms provider to spy on 18 entities, including high-ranking government officials, telecommunication services, and public service infrastructures. The cyberspies compromised a broad range of devices, […]
The post Russian APT Nomadic Octopus hacked Tajikistani carrier appeared first on Security Affairs.
"Autosummary:
"Resecurity warns about the increase of malicious cyber activity targeting data center service providers globally. According to the detailed report recently released by the California-based cybersecurity company, during September 2021, Resecurity notified several data center organizations about malicious cyber activity targeting them and their customers. Such organizations act as a critical part of the enterprise supply chain and become a juicy target for nation-state, criminal and cyberespionage groups. The details about this activity have been … More
The post Resecurity warns about cyber-attacks on data center service providers appeared first on Help Net Security.
"Autosummary:
Most organizations identified in the leaked data sets relate to financial institutions (FIs) with a global presence, investment funds, biomedical research companies, technology vendors, e-commerce, online marketplaces, cloud services, ISPs and CDN providers with HQ in the U.S., the U.K., Canada, Australia, New Zealand, Singapore and China. Once the customer credentials were collected, the actor actively probed the customer panels, aiming to collect information about the representatives of enterprise customers who manage operations at the data center, the list of purchased services, and the deployed equipment. "Resecurity warns about the increase of malicious cyber activity targeting data center service providers globally. According to the detailed report recently released by the California-based cybersecurity company, during September 2021, Resecurity notified several data center organizations about malicious cyber activity targeting them and their customers. Such organizations act as a critical part of the enterprise […]
The post Resecurity warns about cyber-attacks on data center service providers appeared first on Security Affairs.
"Autosummary:
Most organizations identified in the leaked data sets relate to financial institutions (FIs) with a global presence, investment funds, biomedical research companies, technology vendors, e-commerce, online marketplaces, cloud services, ISPs and CDN providers with HQ in the U.S., the U.K., Canada, Australia, New Zealand, Singapore and China. "Autosummary:
"