Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021

June 20, 2024 at 07:15AM Cyber espionage linked to China has targeted telecom operators in an unnamed Asian country since at least 2021, using backdoors and attempting to steal credentials. The attacks also targeted a services company and a university in another Asian country. The campaign appears to involve tools used by various Chinese espionage …

Chinese telco gear may become verboten on German networks

May 20, 2024 at 02:36AM Germany is considering removing Huawei and ZTE equipment from its 5G networks over national security concerns. It is anticipated that German telcos will have to remove critical components by 2026 and reduce dependency on Chinese parts by 2029. Other countries, including Japan, Australia, Canada, and the UK, have already banned …

Widely used Telit Cinterion modems open to SMS takeover attacks

May 10, 2024 at 04:09AM Security flaws in widely used Telit Cinterion cellular modems present remote code execution risks via SMS. Eight issues, including a severe heap overflow (CVE-2023-47610), were revealed by Kaspersky’s ICS CERT division. The vulnerabilities could allow attackers to compromise device integrity and cause extensive disruption. Mitigation strategies include disabling SMS …

Cisco Raises Alarm for ‘ArcaneDoor’ Zero-Days Hitting ASA Firewall Platforms

April 24, 2024 at 02:09PM Cisco issued a warning about professional, nation state-backed hackers exploiting two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and energy sector networks. The campaign, known as ArcaneDoor, aims to exploit software defects in Cisco products, potentially exfiltrate data, and execute commands. Cisco recommended ensuring proper …

Frontier Communications Shuts Down Systems Following Cyberattack

April 19, 2024 at 08:04AM Telecom giant Frontier Communications reported to the SEC a cyberattack resulting in certain system shutdowns. The incident was identified on April 14, with unauthorized access gained by a cybercrime group. Frontier initiated response protocols, contained the incident, restored its IT environment, and notified law enforcement. It’s believed that the attack …

Cyberattack Takes Frontier Communications Offline

April 19, 2024 at 12:16AM Frontier Communications, a Texas-based telecom provider serving 25 states, has ceased operations due to a recent cyberattack that resulted in the theft of personally identifiable information. The breach occurred on April 14, prompting Frontier to take some systems offline and disrupt normal operations. The company is investigating the incident with …

Feds finally decide to do something about years-old SS7 spy holes in phone networks

April 2, 2024 at 07:26PM The FCC is taking action to address security flaws in American telephone networks, particularly the SS7 and Diameter protocols. These vulnerabilities have reportedly been exploited by foreign governments and surveillance entities for remote spying. The FCC is seeking input from telecommunication providers and aims to implement better security standards. Senator …

Russian Hackers Target Ukrainian Telecoms with Upgraded ‘AcidPour’ Malware

March 22, 2024 at 12:33AM New findings from SentinelOne show that the data-wiping malware AcidPour may have been used in attacks targeting four Ukrainian telecom providers, linked to Russian military intelligence. It has expanded capabilities to disable various devices and overlaps with the AcidRain wiper, demonstrating a refined and calculated approach by threat actors …

Stealthy GTPDOOR Linux malware targets mobile operator networks

March 4, 2024 at 02:08AM Security researcher HaxRob discovered a new Linux backdoor named GTPDOOR, targeting mobile carrier networks with a focus on GRX components. This tool, attributed to the ‘LightBasin’ threat group, can covertly communicate over GPRS Tunnelling Protocol Control Plane, bypassing traditional security solutions. The backdoor’s capabilities and detection strategies are detailed, along …

GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks

February 29, 2024 at 07:09AM Threat hunters discovered new Linux malware, GTPDOOR, designed for telecom networks near GPRS roaming exchanges. It uses the GPRS Tunnelling Protocol for command-and-control communication. The backdoor is linked to the known threat actor LightBasin, which targets the telecom sector for subscriber information theft. GTPDOOR allows contact with a compromised host and command execution. …