Security News

Crims target telcos' Linux and Solaris boxes, which don't get enough infosec love
2021-10-20 05:40

Security vendor CrowdStrike claims it's spotted the group and that it "Has been consistently targeting the telecommunications sector at a global scale since at least 2016 to retrieve highly specific information from mobile communication infrastructure, such as subscriber information and call metadata." The gang appears to understand telco operations well enough to surf the carrier-to-carrier links that enable mobile roaming, across borders and between carriers, to spread its payloads. "Whatever the group is called, the pair write that it"employs significant operational security measures, primarily establishing implants across Linux and Solaris servers, with a particular focus on specific telecommunications systems, and only interacting with Windows systems as needed.

State-backed hackers breach telcos with custom malware
2021-10-18 17:28

"The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021. Sectors targeted include telecommunications, government, and information technology," Symantec researchers said. "The capabilities of the tools, their custom development, and the victims targeted, all suggest that Harvester is a nation-state-backed actor."

Boffins propose Pretty Good Phone Privacy to end pretty invasive location data harvesting by telcos
2021-08-11 00:06

"We solve something that had previously been thought impossible - achieving location privacy in mobile networks," said Paul Schmitt, an associate research scholar at the Center for Information Technology Policy at Princeton University, told The Register. In "Pretty Good Phone Privacy," [PDF] a paper scheduled to be presented on Thursday at the Usenix Security Symposium, Schmitt and Barath Raghavan, assistant professor of computer science at the University of Southern California, describe a way to re-engineer the mobile network software stack so that it doesn't betray the location of mobile network customers.

DeadRinger: A Three-Pronged Attack by Chinese Military Actors against Major Telcos
2021-08-03 04:00

Researchers have discovered three separate Chinese military affiliated advanced threat groups simultaneously targeting and compromising the same Southeast Asian telcos. The attack groups concerned are Soft Cell, Naikon, and a third group, possibly Emissary Panda.

Parallel Wireless partners with Axiata to provide O-RAN networks for the digital telcos across Asia
2021-06-28 23:15

Parallel Wireless is been selected by Axiata Group Berhad as a strategic partner providing O-RAN networks for the group's digital telcos across Southeast Asia and South Asia, enabling both 2G and 4G broadband connectivity. Headquartered in Malaysia, Axiata is one of the leading Mobile Network Operators in Asia operating digital telcos, digital businesses and infrastructure with a vision to be the Next Generation Digital Champion by 2024.

McAfee, the company, says Chinese attackers targeted Asian and US telcos
2021-03-18 06:58

Security vendor McAfee has detected an attack it believes was likely aimed at telecoms companies in the hope of stealing information related to 5G networks. McAfee has named the attack "Operation Diànxùn" and says it resembles past attacks perpetrated by groups named RedDelta and Mustang Panda.

State-sponsored Threat Groups Target Telcos, Steal 5G Secrets
2021-03-17 15:08

Chinese-language APTs are targeting telecom companies in cyberespionage campaigns aimed at stealing sensitive data and trade secrets tied to 5G technology, according to researchers. "While the initial vector for the infection is not entirely clear. [We believe] with a medium level of confidence that victims were lured to a domain under control [a] the threat actor, from which they were infected with malware," according to McAfee researchers in a Tuesday report.

Hezbollah hackers attack unpatched Atlassian servers at telcos, ISPs
2021-01-28 18:42

Volatile Cedar, an advanced hacker group believed to be connected to the Lebanese Hezbollah Cyber Unit, has been silently attacking companies around the world in espionage operations. Using common web shell utilities as the main hacking tool and rarely relying on other tools, which hindered attribution.

UK proposes new powers for comms regulator to legally unleash avenging hordes on security-breached telcos
2020-12-16 12:32

Britain's Telecommunications Security Bill will allow anyone to sue their telco if they suffer "Loss or damage" as a result of a system breach - but only if they get Ofcom's permission. Buried in the details away from the China-bashing stuff is a potentially heavy stick to be wielded by telco regulator Ofcom, pitting baying crowds against telecoms operators.

HPE launches HPE 5G Lab to help telcos speed up 5G adoption
2020-07-24 01:30

Using the HPE 5G Lab, telcos can speed up 5G adoption and access new revenues faster by getting hands-on experience with the latest 5G innovations in a live test environment. Already this year, HPE has introduced HPE 5G Core Stack, an open, cloud-native 5G core network software stack; the HPE Resource Aggregator for Open Distributed Infrastructure Management, simplifying the management of telco grade compute infrastructure for 5G across thousands of sites; and HPE Edge Orchestrator, enabling telcos to deliver new edge computing services to customers at the edge of telco networks.