CyberSecurity news

FlagThis - #Telecom

Dysruption Hub@The Dysruption Hub //

Cellcom Cyberattack Service Outage - Cellcom, a Wisconsin-based mobile carrier, experienced a week-long service outage due to a cyberattack impacting voice and text services.
Cellcom, a Wisconsin-based mobile carrier, has confirmed that a cyberattack is the cause of a week-long service outage that began on the evening of May 14, 2025. Customers across Wisconsin and Upper Michigan experienced disruptions to voice and SMS services, leaving them unable to make phone calls or send text messages. Initially, the company attributed the issue to a technical problem but later acknowledged the cyber incident in a video and letter from CEO Brighid Riordan. The attack specifically targeted a network segment responsible for handling voice and SMS, but the company assured customers that sensitive data, such as names, addresses, and financial details, was not compromised.

Cellcom has engaged federal authorities, including the FBI, and international cybersecurity experts to assist in mitigating the impact and restoring full service. CEO Brighid Riordan stated that the company was not unprepared for such an incident and emphasized their commitment to recovery. Partial service has been restored, and the company anticipates a full restoration by the end of the week. Cellcom has also pledged to cover service fees for affected customers during the outage as a gesture of accountability and thanks.

The cyberattack on Cellcom highlights the critical importance of cybersecurity and the potential consequences of a breach on essential communication services. The outage has disrupted both personal and business communications, with some customers reporting business losses due to the prolonged downtime. The Wisconsin Department of Agriculture, Trade and Consumer Protection has received at least 15 customer complaints related to the disruption. Cellcom is advising affected users to try turning on their phone’s airplane mode for 10 seconds or restarting their device if they continue to experience connection issues.

Recommended read:
References :
  • bsky.app: Wisconsin wireless provider Cellcom has confirmed that a cyberattack is responsible for the widespread service outage and disruptions that began on the evening of May 14, 2025.
  • The Dysruption Hub: Cyberattack Disrupts Cellcom Voice and Text Services in Wisconsin
  • The DefendOps Diaries: The Cellcom Cyberattack: Lessons in Cybersecurity and Communication Resilience
  • PCMag UK security: Cyberattack Takes Down Wisconsin-Based Mobile Carrier
  • www.bleepingcomputer.com: Mobile carrier Cellcom confirms cyberattack behind extended outages
  • BleepingComputer: Infosec Exchange post confirming Cellcom cyberattack
  • securityaffairs.com: A cyberattack was responsible for the week-long outage affecting Cellcom wireless network
Pierluigi Paganini@Security Affairs //

MTN Cybersecurity Breach Exposes Subscribers Personal Information - MTN Group, an African telecommunications company, disclosed a data breach affecting subscribers’ personal information, raising concerns about data security, regulatory impacts, and brand reputation.
African multinational telecommunications company, MTN Group, has disclosed a cybersecurity breach that exposed the personal information of some of its subscribers. The breach has raised significant concerns about data security and the potential regulatory and legal repercussions the company may face. MTN operates across various African markets and is therefore subject to stringent national data protection laws, such as South Africa’s Protection of Personal Information Act (POPIA) and Nigeria’s Data Protection Regulation (NDPR). These regulations mandate strict data handling and security measures, with non-compliance potentially leading to substantial fines and legal actions.

MTN's immediate response included collaboration with law enforcement, specifically the South African Police Service and the Directorate for Priority Crime Investigation, underscoring the seriousness of the situation. While MTN has assured stakeholders that its core networks and financial systems remain secure, the incident has nonetheless triggered concerns about the overall robustness of the company's cybersecurity defenses. An investigation is currently underway to determine the full scope and impact of the breach, as the company seeks to understand how the attackers were able to compromise customer data.

The breach poses a significant challenge to MTN's brand reputation and customer trust, particularly given its extensive subscriber base of nearly 300 million users. Restoring confidence will require transparent communication with affected customers and the implementation of robust cybersecurity measures to prevent future incidents. The company has already begun notifying impacted customers and is working to comply with all local legal and regulatory obligations. While the precise financial consequences of the breach are still unknown, the incident highlights the growing threat of cyberattacks against telecommunications companies and the critical importance of maintaining strong data protection practices.

Recommended read:
References :
  • securityaffairs.com: SecurityAffairs: African multinational telco giant MTN Group disclosed a data breach
  • The DefendOps Diaries: TheDefendOpsDiaries: MTN Cybersecurity Breach: Navigating Challenges and Implications
  • BleepingComputer: BleepingComputer: Mobile provider MTN says cyberattack compromised customer data
  • Talkback Resources: MTN Group and Cell C, South African telecom providers, experienced data breaches, with MTN Group taking steps to notify affected customers and authorities, while Cell C's stolen data was leaked on the dark web by a ransomware group.
  • bsky.app: African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries.
@www.ic3.gov //

FBI Seeks Help Unmasking Salt Typhoon Hackers - The FBI seeks public assistance regarding the Salt Typhoon campaign, linked to the People’s Republic of China, which targets U.S. telecommunications infrastructure, resulting in data theft and espionage, and is offering a reward for information.
The FBI has issued a public appeal for information regarding a widespread cyber campaign targeting US telecommunications infrastructure. The activity, attributed to a hacking group affiliated with the People's Republic of China and tracked as 'Salt Typhoon,' has resulted in the compromise of multiple U.S. telecommunications companies and others worldwide. The breaches, which have been ongoing for at least two years, have led to the theft of call data logs, a limited number of private communications, and the copying of select information subject to court-ordered U.S. law enforcement requests. The FBI is seeking information about the individuals who comprise Salt Typhoon and any details related to their malicious cyber activity.

The FBI, through its Internet Crime Complaint Center (IC3), is urging anyone with information about Salt Typhoon to come forward. The agency's investigation has uncovered a broad and sophisticated cyber operation that exploited access to telecommunications networks to target victims on a global scale. In October, the FBI and CISA confirmed that Chinese state hackers had breached multiple telecom providers, including major companies like AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream, as well as dozens of other telecom companies in numerous countries.

In an effort to incentivize informants, the U.S. Department of State’s Rewards for Justice (RFJ) program is offering a reward of up to US$10 million for information about foreign government-linked individuals participating in malicious cyber activities against US critical infrastructure. The FBI is accepting tips via TOR in a likely attempt to attract potential informants based in China. The agency has also released public statements and guidance on Salt Typhoon activity in collaboration with U.S. government partners, including the publication of 'Enhanced Visibility and Hardening Guidance for Communications Infrastructure.' Salt Typhoon is also known by other names such as RedMike, Ghost Emperor, FamousSparrow, Earth Estries, and UNC2286.

Recommended read:
References :
  • bsky.app: The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide.
  • thecyberexpress.com: The FBI has issued a public appeal for information concerning an ongoing cyber campaign targeting US telecommunications infrastructure, attributed to actors affiliated with the People’s Republic of China (PRC).
  • www.bleepingcomputer.com: FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches
  • BleepingComputer: The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide.
  • The DefendOps Diaries: Explore Salt Typhoon's cyber threats to telecom networks and the advanced tactics used by this state-sponsored group.
  • malware.news: The FBI is seeking information from the public about the Chinese Salt Typhoon hacking campaign that, last year, was found to have breached major telecommunications providers and their wiretap request systems over a two-year period.
  • Industrial Cyber: The Federal Bureau of Investigation (FBI) is requesting public assistance in reporting information related to the People’s Republic...
  • industrialcyber.co: FBI issues IC3 alert on ‘Salt Typhoon’ activity, seeks public help in investigating PRC-linked cyber campaign
  • Policy ? Ars Technica: FBI offers $10 million for information about Salt Typhoon members
  • www.cybersecuritydive.com: FBI seeks public tips about Salt Typhoon
  • www.scworld.com: US intensifies Salt Typhoon crackdown with public info request
Pierluigi Paganini@Data Breach //

SK Telecom Cyberattack Exposes Millions of User Data - SK Telecom experienced a data breach affecting 25 million subscribers’ USIM data due to malware, leading to SIM card replacements and potential risks of identity theft and SIM swap attacks.
SK Telecom, a major mobile network operator in South Korea, is grappling with the aftermath of a significant cyberattack that compromised the USIM data of approximately 23 million subscribers. The breach, discovered on April 19th, involved malware infiltration that allowed attackers to steal sensitive customer information, including mobile phone numbers and device identification numbers (IMEI). This stolen data poses significant risks to affected users, including potential identity theft and SIM swap attacks, where criminals can hijack a victim's phone number to gain access to personal and financial accounts.

In response to the widespread data breach, SK Telecom has announced a program to provide free SIM card replacements to all 25 million of its mobile customers. This initiative aims to mitigate the risk of SIM swapping and other fraudulent activities by replacing compromised SIM cards with secure ones. However, the company faces logistical challenges, with only 6 million SIM cards available for immediate replacement through May. This shortage raises concerns about the timeline for fully addressing the vulnerability and protecting all affected subscribers.

The cyberattack has had a substantial impact on SK Telecom, leading to customer anxiety, a loss in market capitalization estimated at $643 million, and potential subscriber attrition. The South Korean Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) have launched an on-site investigation at SK Telecom's headquarters, signaling the seriousness of the breach and the regulatory scrutiny the company now faces. While SK Telecom is implementing measures to restore customer trust, the incident serves as a wake-up call for the telecommunications industry, highlighting the need for robust cybersecurity practices and proactive security measures.

Recommended read:
References :
  • cyberinsider.com: SK Telecom Says Malware Incident Leaked Customer USIM Data
  • securityaffairs.com: SK Telecom warned that threat actors accessed customer Universal Subscriber Identity Module (USIM) info through a malware attack.
  • BleepingComputer: SK Telecom Warns Customer USIM Data Exposed in Malware Attack
  • The DefendOps Diaries: Understanding the SK Telecom Malware Attack: Lessons for the Telecom Industry
  • bsky.app: Bsky post on SK Telecom warns customer USIM data exposed in malware attack
  • Talkback Resources: Korean Telco Giant SK Telecom Hacked [mal]
  • bsky.app: Hackers access sensitive SIM card data at South Korea's largest telecoms company
  • Malware ? Graham Cluley: Mobile network operator SK Telecom, which serves approximately 34 million subscribers in South Korea, has confirmed that it suffered a cyber attack earlier this month that saw malware infiltrate its internal systems, and access data related to customers' SIM cards.
  • The DefendOps Diaries: SK Telecom's cyberattack exposes telecom vulnerabilities, affecting 23M subscribers and prompting industry-wide security reevaluations.
  • www.bleepingcomputer.com: South Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May.
  • www.cysecurity.news: SK Telecom Malware Attack Exposes USIM Data in South Korea
  • BleepingComputer: South Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May.
  • www.bleepingcomputer.com: South Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May.
  • bsky.app: South Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May.
Pierluigi Paganini@securityaffairs.com //

Arkana Security Claims Hack of WideOpenWest Telecommunications Provider - Arkana Security, a new ransomware group, claims responsibility for breaching WideOpenWest (WOW!), compromising over 403,000 customer accounts.
A new ransomware group named Arkana Security is claiming responsibility for breaching WideOpenWest (WOW!), one of the largest U.S. cable and broadband providers. Arkana Security also claims the hack of US telco provider WideOpenWest (WOW!). This nascent ransomware gang’s breach purportedly compromised over 403,000 WOW! user accounts, pilfering data, including full names, usernames, salted passwords, email addresses, login histories, and security questions and answers.



The attackers boast of full backend control and have even created a music video montage to demonstrate their level of access. Additionally, they claim to have exfiltrated a separate CSV file with 2.2 million records, including names, addresses, phone numbers, and devices. While WOW! has yet to acknowledge Arkana Security's claims, threat researchers traced the attack's origins to an infostealer infection in September last year that enabled access to WOW!'s critical systems.

Recommended read:
References :
  • Cyber Security News: The largest US internet provider, WideOpenWest (WOW!), is allegedly compromised by Arkana Security, a recently discovered ransomware group.
  • securityaffairs.com: Arkana Security, a new ransomware group, claims to have breached the telecommunications provider WideOpenWest (WOW!), stealing customer data.
  • www.scworld.com: WideOpenWest purportedly breached by nascent ransomware gang
  • CyberInsider: Arkana ransomware group has claimed responsibility for breaching WideOpenWest (WOW!), one of the largest U.S. cable and broadband providers.
  • BleepingComputer: The new ransomware group Arkana Security claims to have hacked US telecom provider WOW!, stealing customer data.
  • Information Security Buzz: A new ransomware gang, Arkana Security, is claiming responsibility for an enormous breach at WideOpenWest (WoW), one of the largest cable operators and ISPs in the US. The malicious actors boasted they had full backend control and even put a music video montage together to illustrate exactly how much access they had.
  • DataBreaches.Net: A cyber-crime ring calling itself Arkana has made a cringe music video to boast of an alleged theft of subscriber account data from Colorado-based cableco WideOpenWest (literally, WOW!)
  • PCMag UK security: Hacking group Arkana Security gives WideOpenWest (WOW!) until 5 p.m. PST today to pay a ransom, or it will sell customer data to the highest bidder. WOW! says it's investigating.
  • The Register - Security: Cyber-crew claims it cracked American cableco, releases terrible music video to prove it
  • www.csoonline.com: A new ransomware gang, Arkana Security, is claiming responsibility for an enormous breach at WideOpenWest (WoW), one of the largest cable operators and ISPs in the US.
  • Talkback Resources: Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)
  • www.pcmag.com: Cybercrime Gang Says It Hacked This US ISP, Stole Info on 403K Customers
  • www.scworld.com: A cyber-crime ring calling itself Arkana has made a cringe music video to boast of an alleged theft of subscriber account data from Colorado-based cableco WideOpenWest (literally, WOW!)

Posts

Blogs

Research Tools