Tag Archive for: telecom

China-Aligned “Operation Tainted Love” Targets Middle East Telecom Providers


A Chinese cyber-espionage actor likely connected with the “Operation Soft Cell” campaign has been targeting Middle East telecom providers since the beginning of 2023.

The new series of attacks are part of what SentinelOne researchers described as “Operation Tainted Love,” a cyber-espionage campaign exhibiting “a well-maintained, versioned credential theft capability” and a new dropper mechanism.

“The initial attack phase involves infiltrating internet-facing Microsoft Exchange servers to deploy web shells used for command execution,” wrote SentinelOne senior threat researcher Aleksandar Milenkoski in an advisory published earlier today. “Once a foothold is established, the attackers conduct a variety of reconnaissance, credential theft, lateral movement and data exfiltration activities.”

Milenkoski highlighted that the deployment of custom credential theft malware is the main novelty of the new campaign, which relies on malware incorporating modifications to the code of the Mimikatz post-exploitation tool.


A particular sample of the malware (dubbed mim221 by SentinelOne) also featured upgraded anti-detection features.

“The use of special-purpose modules that implement a range of advanced techniques shows the threat actors’ dedication to advancing its toolset towards maximum stealth,” Milenkoski explained.

The security researcher also clarified that while links to Operation Soft Cell are evident, the team could not directly link the campaign to a specific threat actor.

“That campaign has been publicly associated with Gallium, and possible connections to APT41 have been suggested by the use of a common code signing certificate and tooling that shares code similarities. APT41 is also known to target telecommunication providers.”

Either way, Milenkoski said the threat actors behind Operation Tainted Love would likely continue upgrading their malware and targeting organizations in the Middle East.

“These threat actors will almost certainly continue exploring and upgrading their tools with new techniques for evading detection, including…


Over 40 lakh mobile users at hacking risk from compromised Shopify API keys, Telecom News, ET Telecom


New Delhi: Over 40 lakh mobile phone users’ sensitive data is at hacking risk after cyber security researchers on Friday uncovered a critical security flaw in Shopify application programming interface (API) keys/tokens.

Cyber-security company CloudSEK's BeVigil, a security search engine for mobile apps, uncovered the vulnerability that puts over 40 lakh mobile customers' sensitive data at risk.

Of the millions of Android apps scanned, 21 e-commerce apps were found to contain 22 hardcoded Shopify API keys/tokens, exposing personally identifiable information (PII) to potential threats.

When an API key is hardcoded, it becomes visible to anyone who has access to the code, including attackers or unauthorised users.

If an attacker gains access to the hardcoded key, they can use it to access sensitive data or perform actions on behalf of the program, even if they are not authorised to do so, said security researchers.

“The recent discovery of hardcoded Shopify keys in numerous Android apps is just another example of the lack of proper API security in the industry. This type of vulnerability exposes the personal information of users, as well as transactional and order details, to potential attackers,” said Vishal Singh, senior security engineer at CloudSEK.

Shopify is an e-commerce platform that allows individuals and businesses to create an online store to sell their products.

Over 4.4 million websites from more than 175 countries globally use Shopify.

With the ease of creating an online store, it also allows the integration of third-party apps and plugins to add additional functionality to the store. Shopify can be used to sell physical and digital products, and it also offers a point-of-sale system for brick-and-mortar stores.

“While this situation is not a limitation of the Shopify platform, it highlights the issue of API keys/tokens being leaked by app developers. As part of responsible disclosure, CloudSEK has notified Shopify and the affected apps about the hardcoded API keys,” said the company.

The researchers found that of the total hardcoded keys, at least 18 keys allow viewing customer-sensitive data, 7 API keys allow viewing/modifying gift cards and 6 API keys allow obtaining payment…


Hackers attack telecom office computers with ransomware



Hackers breached some computer systems in the office of the Controller of Communication Accounts (CCA) in Vijayawada and demanded payment of a ransom, an official said on Friday. The office staff found ransomware installed on their systems, along with a flag announcing that they had been hacked.

CCA comes under the Department of Communications, Government of India, with its AP Circle office located in Vijayawada.

CCA K Vinod Kumar told PTI that no vital data was stolen as their server was found secure.

“Basic information that is available in the computer systems has been affected but our main server is intact. We have alerted our head office on this and also lodged a complaint with the Cyber Crime Police,” Vinod Kumar said.

City Cyber Crimes Inspector Srinivasa Rao said they had started investigating the case but had so far not identified the source of the hacking.

“The hacking has apparently been done for the sake of ransom as the hackers posted a flag on the systems. But so far, there has been no further communication on that,” the inspector added.

The IT staff sprang into action immediately and began corrective measures to prevent further breaches.

The CCA, AP Circle, is responsible for collecting the license fee, paid as a revenue share by all cellular, basic and internet service providers, as well as spectrum usage charges. It is also responsible for maintaining the bank guarantees submitted by the decentralised licensees.


Australian Telecom Giant TPG Discloses Email Hack


Forensics, Security Operations

Threat Actors Searched Email Inboxes for Cryptocurrency and Financial Information


Australian telecom and internet service provider TPG disclosed a data breach detected by an outside cybersecurity forensics team conducting a historical review.


The Microsoft Exchange email accounts of as many as 15,000 customers at subsidiaries iiNet and Westnet may be affected by the breach, TPG disclosed in a Wednesday filing to the Australian Securities Exchange.

It appears, TPG wrote, that hackers searched inboxes for data on cryptocurrency and other financial information they could steal. “We have implemented measures to stop the unauthorized access, further security measures have been put in place, and we are in the process of contacting all affected customers on the Hosted Exchange service,” the company said. “We have notified the relevant government authorities.”

Consumer products were not affected, the company said. TPG encompasses a slew of brands including mobile carrier and ISP brands such as Vodafone, AAPT, Internode, Lebara and Felix.

Cybersecurity firm Mandiant, now owned by Google, notified TPG about the attack on Tuesday. Mandiant has an “ongoing engagement to assist with cyber protection” and was in the process of sifting through historical data when analysts spotted the intrusion.

The breach adds to a growing list of cyberattacks on Australia’s telecommunication industry.

Only days ago, Telstra published names, numbers and addresses of over 130,000 customers whose details were supposed to be unlisted. The company blamed a “misalignment of databases” (see: Australian Telecom…
