Tag Archive for: Telecoms

Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded ‘AcidPour’ Malware


Mar 22, 2024 | Newsroom | Linux / Cyber Warfare

The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show.

The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with Russian military intelligence.

“AcidPour’s expanded capabilities would enable it to better disable embedded devices including networking, IoT, large storage (RAIDs), and possibly ICS devices running Linux x86 distributions,” security researchers Juan Andres Guerrero-Saade and Tom Hegel said.

AcidPour is a variant of AcidRain, a wiper that was used to render Viasat KA-SAT modems inoperable at the onset of the Russo-Ukrainian war in early 2022 and cripple Ukraine’s military communications.

It also builds upon the latter’s features, while targeting Linux systems running on x86 architecture. AcidRain, on the other hand, is compiled for MIPS architecture.

Where AcidRain was more generic, AcidPour incorporates logic to target embedded devices, Storage Area Networks (SANs), Network Attached Storage (NAS) appliances, and dedicated RAID arrays.

That said, the two strains overlap in their use of reboot calls and in the method employed for recursive directory wiping. Also identical is the IOCTL-based device-wiping mechanism, which shares commonalities with VPNFilter, another malware linked to Sandworm.

“One of the most interesting aspects of AcidPour is its coding style, reminiscent of the pragmatic CaddyWiper broadly utilized against Ukrainian targets alongside notable malware like Industroyer 2,” the researchers said.

The C-based malware comes with a self-delete function that overwrites itself on disk at the beginning of its execution, while also employing an alternate wiping approach depending on the device type.

AcidPour has been attributed to a hacking crew tracked as UAC-0165, which is associated with Sandworm and has a track record of striking Ukrainian critical infrastructure.

The Computer Emergency Response Team of Ukraine (CERT-UA), in October 2023, implicated the adversary in attacks targeting at least 11…

Ukraine says Russian hackers penetrated major telecoms network for months – POLITICO


Russian hackers were inside Ukrainian telecoms giant Kyivstar’s system from at least May last year in a cyberattack which crippled its services in December, Ukraine’s top cyber spy said.

In an interview with Reuters published Thursday, Illia Vitiuk, head of the Security Service of Ukraine’s cybersecurity department, said: “This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” adding it wiped “almost everything,” including thousands of virtual servers and PCs.

The attack caused more than 24.3 million Kyivstar customers to lose phone reception, with banks reporting disruptions to their services and Ukrainians in the country’s eastern war zone being left without a connection. Vitiuk has attributed the attack to Sandworm, a Russian military intelligence cyberwarfare unit which has been linked to cyberattacks in Ukraine and elsewhere.

“For now, we can say securely, that they were in the system at least since May 2023,” Vitiuk said, adding, “I cannot say right now, since what time they had … full access: probably at least since November.”

In a video statement in December, Kyivstar CEO Oleksandr Komarov said: “Unfortunately, the war with Russia has several dimensions. One of them is in cyberspace.”

Hstoday Ukrainian Telecoms Hack Highlights Cyber Dangers of Russia’s Invasion


A recent cyber attack on Ukraine’s largest telecommunications provider, Kyivstar, caused temporary chaos among subscribers and thrust the cyber front of Russia’s ongoing invasion back into the spotlight. Kyivstar CEO Oleksandr Komarov described the December 12 hack as “the biggest cyber attack on telco infrastructure in the world,” underlining the scale of the incident.

This was not the first cyber attack targeting Kyivstar since Russia launched its full-scale invasion in February 2022. The telecommunications company claims to have repelled around 500 attacks over the past twenty-one months. However, this latest incident was by far the most significant.

Kyivstar currently serves roughly 24 million Ukrainian mobile subscribers and another million home internet customers. This huge client base was temporarily cut off by the attack, which also had a knock-on impact on a range of businesses including banks. For example, around 30% of PrivatBank’s cashless terminals ceased functioning during the attack. Ukraine’s air raid warning system was similarly disrupted, with alarms failing in several cities.

Read the rest of the story at Atlantic Council.

UK to accelerate research on 5G and 6G technology as part of £110 million telecoms R and D package


  • Three top UK universities awarded £28 million to develop next-generation 6G network technology
  • Groundbreaking £80 million fund to set up state-of-the-art UK Telecoms Lab in the West Midlands for testing network equipment
  • UK joins forces with Republic of Korea to solve power efficiency challenges in rollout of more innovative and secure networks

Research and development on next-generation 5G and 6G wireless technology and telecoms security is to be ramped up as part of a £110 million government investment.

In the package announced today, three top UK universities, University of York, University of Bristol and University of Surrey, will receive a share of £28 million to team up with major telecoms companies including Nokia, Ericsson and Samsung to design and build networks of the future such as 6G.

The move will bolster the UK’s status as a global leader in telecoms research and follows Ericsson and Samsung’s recent decision to set up cutting-edge 6G research centres in the UK. It will also support the roll out of lightning-fast 5G by making it easier for more firms to enter the market.

The universities will work with world-leading UK academics and industry players to ensure future network technologies, including 6G, are designed in a way that promotes a more diverse and innovative telecoms market, and brings an end to current network setups where all equipment within a network must be from a single supplier.

The package includes £80 million for a state-of-the-art UK Telecoms Lab being built in Solihull in the West Midlands. Under a new contract the government has signed with the National Physical Laboratory, the lab will act as a secure research facility for mobile network operators, suppliers and academics to research and test the security, resilience and performance of their 5G and, in the future, 6G network technology. The facility will also create dozens of specialised jobs in telecoms and cyber security for the region.

A new R and D partnership with the Republic of Korea has also kicked off, which aims to accelerate the deployment of Open RAN and associated technologies. The joint project, which will receive more than £3 million (including £1.2 million…
