Security News

Researchers Uncover New Metador APT Targeting Telcos, ISPs, and Universities
2022-09-23 13:25

The cybersecurity firm codenamed the group Metador in reference to a string "I am meta" in one of their malware samples and because of Spanish-language responses from the command-and-control servers. The threat actor is said to have primarily focused on the development of cross-platform malware in its pursuit of espionage aims.

Russian Sandworm hackers pose as Ukrainian telcos to drop malware
2022-09-19 18:50

The Russian state-sponsored hacking group known as Sandworm has been observed masquerading as telecommunication providers to target Ukrainian entities with malware. Sandworm is a state-backed threat actor attributed by the US government as part of the Russian GRU foreign military intelligence service.

Revealed: US telcos admit to storing, handing over location data
2022-09-02 17:15

US mobile carriers know a lot about where their customers are located, and according to letters sent to the Federal Communications Commission, they routinely store such data for years, willingly hand it over to law enforcement if served a proper subpoena, and say users can't opt out. News that cellular carriers are storing sensitive location data isn't surprising given previous actions taken against AT&T, Verizon, T-Mobile US and Sprint by the FCC in 2020 for selling location data to third parties.

Bill for US telcos to bin Chinese kit blows out by $3 billion
2022-07-18 04:59

The US Federal Communications Commission notified Congress on Friday that the cost to rip and replace equipment kit from Huawei and ZTE installed at US telcos is more than $3 billion higher than funding allocated for the program. FCC chair Jessica Rosenworcel wrote to explain the situation, which arose from the USA's desire to remove Chinese comms kit at local carriers in the name of national security.

Beijing-backed baddies target unpatched networking kit to attack telcos
2022-06-08 07:56

State-sponsored Chinese attackers are actively exploiting old vulnerabilities to "Establish a broad network of compromised infrastructure" then using it to attack telcos and network services providers. The advisory states that network devices are the target of this campaign and lists 16 flaws - some dating back to 2017 and none more recent than April 2021 - that the three agencies rate as the most frequently exploited.

US: Chinese govt hackers breached telcos to snoop on network traffic
2022-06-07 22:43

Several US federal agencies today revealed that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data. "Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting," the advisory explains.

Russian govt impersonators target telcos in phishing attacks
2022-04-27 15:32

A previously unknown and financially motivated hacking group is impersonating a Russian agency in a phishing campaign targeting entities in Eastern European countries. The phishing emails pretend to come from the Russian Government's Federal Bailiffs Service and are written in the Russian language, with the recipients being telecommunication service providers and industrial firms in Lithuania, Estonia, and Russia.

‘Seedworm’ Attackers Target Telcos in Asia, Middle East
2021-12-14 13:21

Attackers targeting telcos across the Middle East and Asia for the past six months are linked to Iranian state-sponsored hackers, according to researchers. Though the identity of attackers also is unconfirmed, they potentially could be linked to the Iranian group Seedworm, aka MuddyWater or TEMP.Zagros, researchers said.

Iranian state hackers use upgraded malware in attacks on ISPs, telcos
2021-11-09 17:33

The Iranian state-supported APT known as 'Lyceum' targeted ISPs and telecommunication service providers in the Middle East and Africa between July and October 2021. Apart from Israel, which is permanently in the crosshairs of Iranian hackers, researchers have spotted Lyceum backdoor malware attacks in Morocco, Tunisia, and Saudi Arabia.

Crims target telcos' Linux and Solaris boxes, which don't get enough infosec love
2021-10-20 05:40

Security vendor CrowdStrike claims it's spotted the group and that it "Has been consistently targeting the telecommunications sector at a global scale since at least 2016 to retrieve highly specific information from mobile communication infrastructure, such as subscriber information and call metadata." The gang appears to understand telco operations well enough to surf the carrier-to-carrier links that enable mobile roaming, across borders and between carriers, to spread its payloads. "Whatever the group is called, the pair write that it"employs significant operational security measures, primarily establishing implants across Linux and Solaris servers, with a particular focus on specific telecommunications systems, and only interacting with Windows systems as needed.