CyberSecurity news
FlagThis - #TelecomSecurity
|
Pierluigi Paganini@Data Breach
//
SK Telecom, South Korea’s largest mobile carrier, has suffered a significant cyberattack resulting in a USIM data breach affecting approximately 23 to 25 million subscribers. The breach was triggered by a malware infection that exposed sensitive information tied to users’ Universal Subscriber Identity Modules (USIMs), including mobile phone numbers and IMEI numbers. This incident has raised alarms across the telecommunications industry, prompting a reassessment of cybersecurity practices and highlighting vulnerabilities within SK Telecom's network.
To address the fallout from the breach, SK Telecom is offering free SIM card replacements to its affected customers. While the company serves roughly half of the domestic mobile phone market, only 6 million replacement SIM cards are initially available through May. This initiative aims to mitigate the risks of identity theft and SIM swap attacks, which could exploit the compromised USIM data. Additionally, SK Telecom is working to restore customer trust by increasing checks on SIM card replacement activities and monitoring authentication processes for suspicious behavior. The cyberattack has had a substantial impact on SK Telecom’s market position and financial standing. An estimated $643 million in market capitalization has been lost, accompanied by a potential exodus of subscribers seeking more secure alternatives. The South Korean Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) have launched an on-site investigation at SK Telecom’s headquarters, adding further pressure on the company to effectively manage the breach's consequences. Recommended read:
References :
@www.ic3.gov
//
The FBI has issued a public appeal for information regarding a widespread cyber campaign targeting US telecommunications infrastructure. The activity, attributed to a hacking group affiliated with the People's Republic of China and tracked as 'Salt Typhoon,' has resulted in the compromise of multiple U.S. telecommunications companies and others worldwide. The breaches, which have been ongoing for at least two years, have led to the theft of call data logs, a limited number of private communications, and the copying of select information subject to court-ordered U.S. law enforcement requests. The FBI is seeking information about the individuals who comprise Salt Typhoon and any details related to their malicious cyber activity.
The FBI, through its Internet Crime Complaint Center (IC3), is urging anyone with information about Salt Typhoon to come forward. The agency's investigation has uncovered a broad and sophisticated cyber operation that exploited access to telecommunications networks to target victims on a global scale. In October, the FBI and CISA confirmed that Chinese state hackers had breached multiple telecom providers, including major companies like AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream, as well as dozens of other telecom companies in numerous countries. In an effort to incentivize informants, the U.S. Department of State’s Rewards for Justice (RFJ) program is offering a reward of up to US$10 million for information about foreign government-linked individuals participating in malicious cyber activities against US critical infrastructure. The FBI is accepting tips via TOR in a likely attempt to attract potential informants based in China. The agency has also released public statements and guidance on Salt Typhoon activity in collaboration with U.S. government partners, including the publication of 'Enhanced Visibility and Hardening Guidance for Communications Infrastructure.' Salt Typhoon is also known by other names such as RedMike, Ghost Emperor, FamousSparrow, Earth Estries, and UNC2286. Recommended read:
References :
Pierluigi Paganini@Data Breach
//
SK Telecom, a major mobile network operator in South Korea, is grappling with the aftermath of a significant cyberattack that compromised the USIM data of approximately 23 million subscribers. The breach, discovered on April 19th, involved malware infiltration that allowed attackers to steal sensitive customer information, including mobile phone numbers and device identification numbers (IMEI). This stolen data poses significant risks to affected users, including potential identity theft and SIM swap attacks, where criminals can hijack a victim's phone number to gain access to personal and financial accounts.
In response to the widespread data breach, SK Telecom has announced a program to provide free SIM card replacements to all 25 million of its mobile customers. This initiative aims to mitigate the risk of SIM swapping and other fraudulent activities by replacing compromised SIM cards with secure ones. However, the company faces logistical challenges, with only 6 million SIM cards available for immediate replacement through May. This shortage raises concerns about the timeline for fully addressing the vulnerability and protecting all affected subscribers. The cyberattack has had a substantial impact on SK Telecom, leading to customer anxiety, a loss in market capitalization estimated at $643 million, and potential subscriber attrition. The South Korean Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) have launched an on-site investigation at SK Telecom's headquarters, signaling the seriousness of the breach and the regulatory scrutiny the company now faces. While SK Telecom is implementing measures to restore customer trust, the incident serves as a wake-up call for the telecommunications industry, highlighting the need for robust cybersecurity practices and proactive security measures. Recommended read:
References :
drewt@secureworldexpo.com (Drew Todd)@SecureWorld News
//
The Chinese state-sponsored hacking group Salt Typhoon is expanding its espionage campaign, targeting U.S. telecommunication providers and other networks globally. The group, active since at least 2019, has been breaching major companies like AT&T, Verizon, and Lumen Technologies. Between December 2024 and January 2025, Salt Typhoon compromised additional telecom networks across the globe. The attacks involve a custom utility called JumbledPath, used to stealthily monitor network traffic and potentially capture sensitive data.
Salt Typhoon gains initial access through stolen credentials and exploiting vulnerabilities in Cisco routers. Specifically, they target internet-exposed Cisco network routers, leveraging CVE-2023-20198 and CVE-2023-20273 to escalate privileges and gain root access. Once inside, they extract credentials by intercepting authentication traffic, modify network configurations, and create hidden accounts to maintain persistent access. The group's objectives include intercepting sensitive communications, tracking political activists, and stealing research from academic institutions. Recommended read:
References :
@www.bleepingcomputer.com
//
References:
securityaffairs.com
, The Hacker News
,
Chinese APT groups are actively targeting U.S. telecom providers and European healthcare organizations using sophisticated cyberattacks. The attacks involve custom malware, such as JumbledPath used by Salt Typhoon to spy on U.S. telecom networks, and the exploitation of vulnerabilities like the Check Point flaw (CVE-2024-24919). These campaigns are characterized by the deployment of advanced tools like ShadowPad and NailaoLocker ransomware, indicating a blend of espionage and financially-motivated cybercrime.
These threat actors gain initial access through exploited vulnerabilities, then move laterally within the networks using techniques like RDP to obtain elevated privileges. The attackers then deploy ShadowPad and PlugX, before deploying the NailaoLocker ransomware in the final stages, encrypting files and demanding Bitcoin payments. These findings highlight the evolving tactics of Chinese APT groups and the challenges in attributing these attacks, given the blurring lines between state-sponsored espionage and financially driven operations. Recommended read:
References :
|