Telecommunications


  • Chinese cyber-espionage group Moshen Dragon targets Asian telcos

    May 2, 2022

    Researchers have identified a new cluster of malicious cyber activity tracked as Moshen Dragon, targeting telecommunication service providers in Central Asia. While this new threat group has some overlaps with “RedFoxtrot” and “Nomad Panda,” including the use of ShadowPad and PlugX malware variants, there are enough differences in their activity to follow them separately. According to a ...

  • Modem-wiping malware caused Viasat satellite broadband outage in Europe

    April 1, 2022

    Tens of thousands of Viasat satellite broadband modems that were disabled in a cyber-attack some weeks ago were wiped by malware with possible links to Russia’s destructive VPNFilter, according to SentinelOne. On February 24, as Russian troops invaded Ukraine, Viasat terminals in Europe and Ukraine were suddenly and unexpectedly knocked offline and rendered inoperable. This caused, ...

  • Kaspersky, China Telecom, China Mobile named ‘threats to US national security’

    March 28, 2022

    The United Stations Federal Communications Commission (FCC) has labelled Kaspersky, China Mobile, and China Telecom as threats to national security. The three companies join Huawei, ZTE, Chinese radio-comms vendor Hytera, and Chinese video surveillance systems vendors Hangzhou Hikvision Digital Technology Company and Dahua Technology Company. Kaspersky is the first non-Chinese company to be added to the FCC’s ...

  • Britain, U.S. warn of satellite communications risks after Ukraine hack

    March 18, 2022

    Britain and the United States have warned organisations of the risks associated with using satellite communications following a cyberattack on satellite internet modems as Russia invaded Ukraine. Western intelligence agencies have been investigating the attack which disrupted broadband satellite internet access provided by U.S. telecommunications firm Viasat, Reuters reported last week. “It’s certainly something we’re investigating quite ...

  • NATO Communications and Information Agency modernizes NATO’s core communications infrastructure

    March 16, 2022

    The NATO Communications and Information Agency (NCI Agency) provides a robust infrastructure for NATO’s networks, providing interconnectivity across multiple Alliance locations and enabling NATO to perform consultation, deterrence and collective defence. “This is the backbone network infrastructure, which all services use in order to perform their functions, making this an incredibly important capability to allow NATO ...

  • NY OAG warns T-Mobile data breach victims of identity theft risks

    March 3, 2022

    The New York State Office of the Attorney General (NY OAG) warned victims of the August 2021 T-Mobile data breach that they faced identity theft risks after some of the stolen information ended up for sale on the dark web. The alert comes after individuals impacted in the incident were notified by identity theft protection services ...

  • UK government starts public consultation on telco security

    March 3, 2022

    While the world watches Ukraine, the British government has quietly dropped a requirement for mass surveillance of UK internet users by their service providers. A public consultation on the Electronic Communications (Security Measures) Regulations 2022, currently in draft, revealed that a controversial plan to bring back internet connection records monitoring has been deleted after pushback from ...

  • SMS PVA Part 3: Countries Most Impacted by Service

    March 2, 2022

    Part two of our blog entry discussed the impacts and implications of SMS PVA services. The article also explored how these services work by using Carousell as an example. Moreover, it discussed the “benefits” of SMS PVA services to cybercriminals. In the final installation of our series, we’ll discuss relevant statistics and recommendations to mitigate the ...

  • SMS PVA Part 2: Underground Service for Cybercriminals

    February 27, 2022

    In part one, Trend Micro researchers extensively discussed SMS PVA and started investigating a particular service called ReceiveCode that our team first found on a Facebook advertisement. ReceiveCode offers users access to SMS code verification sent to mobile numbers that the company has in their storage. Customers simply need to sign up to their customer-facing portal, ...

  • SMS PVA Services’ Use of Infected Android Phones Reveals Flaws in SMS Verification

    February 15, 2022

    There has been an increase in short message service (SMS) phone-verified account (PVA) services in the last two years. SMS PVA services provide alternative mobile numbers that customers can use to register for online services and platforms. These types of services help circumvent the SMS verification mechanisms widely used by online platforms and services to ...

  • Croatian phone carrier data breach impacts 200,000 clients

    February 11, 2022

    Croatian phone carrier ‘A1 Hrvatska’ has disclosed a data breach exposing the personal information of 10% of its customers, roughly 200,000 people. The announcement does not provide many details other than that they suffered a cybersecurity incident involving the unauthorized access of one of their user databases, which contained sensitive personal information. The type of information that ...

  • FBI: Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public

    February 8, 2022

    The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts. From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to ...

  • Telco fined €9 million for hiding cyberattack impact from customers

    February 1, 2022

    The Greek data protection authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication due to a cyberattack. As the agency says in an announcement, COSMOTE infringed at least eight articles of the GDPR, including violating its duty to inform affected customers of ...

  • TianySpy Malware Uses Smishing Disguised as Message From Telco

    January 25, 2022

    It has been some time since SMS or text messaging has become a means to spread mobile malware. In September 2021, Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The chain is triggered by a smishing message that appears to be sent from a telecommunications company. It is ...

  • T-Mobile confirms SIM swapping attacks led to breach

    December 30, 2021

    T-Mobile has confirmed a data breach that was caused in part by SIM swapping attacks, according to a statement from the company. The T-Mo Report, a blog tracking T-Mobile, obtained internal reports showing that some data was leaked from a subset of customers. Some individuals had their customer proprietary network information (CPNI) leaked, which includes information about ...

  • An Investigation Into SS7 Exploitation Services On The Dark Web

    November 17, 2021

    In this latest investigative article SOS intelligence researchers will be taking a look at alleged SS7 exploitation services on the Dark Web and diving into their credibility using SOS Intelligence analytics toolkit. SS7 Significance & Background Signalling System 7 is a telecommunications protocol adopted internationally that defines how the network elements in a public switched telephone network ...

  • New Zealand spooks say satellite snooping is obsolete – better intel is found elsewhere

    November 11, 2021

    New Zealand’s Government Communications Security Bureau (GCSB) – the nation’s signals intelligence and infosec agency – will retire its Waihopai satellite communications interception station because it’s no longer needed. “The nature of telecommunications has changed, and other needs and capabilities have overtaken the sort of satellite communication interception that has been done at Waihopai,” said Andrew ...

  • Telnyx is the latest VoIP provider hit with DDoS attacks

    November 10, 2021

    Telnyx is the latest VoIP telephony provider targeted with distributed denial-of-service (DDoS) attacks, causing worldwide outages since yesterday. Telnyx is a voice over Internet Protocol (VoIP) company that provides worldwide telephony services over the Internet, including in the Americas, EMEA, APAC, and Australia regions. Read more… Source: Bleeping Computer  

  • Meet Lyceum: Iranian hackers targeting telecoms, ISPs

    November 9, 2021

    Researchers have provided a deep dive into the activities of Lyceum; an Iranian threat group focused on infiltrating the networks of telecoms companies and internet service providers (ISPs). Lyceum, also known as Hexane, Siamesekitten, or Spirlin, has been active since 2017. The advanced persistent threat (APT) group has been linked to campaigns striking Middle Eastern oil ...

  • Cloudflare report highlights devastating DDoS attacks on VoIP services and several ‘record-setting HTTP attacks’

    November 5, 2021

    Cloudflare released its Q3 DDoS Attack Trends report this week, capping a record-setting quarter that saw a number of devastating attacks on VoIP services. Cloudflare researchers said they saw the several “record-setting HTTP DDoS attacks, terabit-strong network-layer attacks and one of the largest botnets ever deployed (Meris),” noting the emergence of ransom DDoS attacks on voice ...