CyberSecurity news

FlagThis - #telecomsecurity

@www.yahoo.com //
The China-linked Salt Typhoon hacking group successfully launched a cyber espionage campaign targeting major telecommunications companies AT&T and Verizon. The attackers aimed to gather foreign intelligence, although both companies have stated that their networks are now secure. This incident highlights the ongoing threat of state-sponsored cyber espionage targeting critical infrastructure and telecommunications providers. The initial breach was achieved by exploiting vulnerabilities in network infrastructure; although the networks are now secure, the incident emphasizes the need for continuous monitoring and robust security measures to detect and mitigate these threats.


@krebsonsecurity.com //
A 20-year-old U.S. Army soldier, identified as Cameron John Wagenius, has been arrested and indicted on suspicion of being the cybercriminal "Kiberphant0m". He is accused of stealing and selling sensitive customer call records from AT&T and Verizon. Wagenius, who was previously stationed in South Korea as a communications specialist, allegedly used his access to systems to exfiltrate data and extort the telecommunications companies. The arrest follows an investigation that linked Kiberphant0m to stolen data from AT&T and Verizon.

Wagenius's mother, Alicia Roen, revealed that prior to his arrest, her son admitted to being associated with another cybercriminal named Connor Riley Moucka, also known as "Judische". Moucka was arrested in late October for stealing data from the cloud service Snowflake and extorting companies. Moucka allegedly outsourced the sale of the stolen data to others, including Kiberphant0m. Kiberphant0m himself claimed responsibility for hacking into at least 15 telecommunications firms, including AT&T and Verizon, and even posted what he claimed were the call logs for President-elect Donald J. Trump and Vice President Kamala Harris.


@feeds.feedburner.com //
The Cybersecurity and Infrastructure Security Agency (CISA) is recommending that senior government and political officials use end-to-end encrypted messaging applications, such as Signal. This recommendation follows a series of telecom breaches impacting numerous countries, including eight carriers within the United States. The agency's move aims to ensure more secure communications and to prevent potential leaks of sensitive government and political conversations that could arise from these security incidents.

These breaches, some of which were confirmed by CISA and the FBI in late October, have highlighted vulnerabilities in the telecom sector. Reports indicate that a Chinese-backed threat group, Salt Typhoon, is responsible for the attacks, which impacted multiple U.S. telecommunications companies, including T-Mobile, AT&T, Verizon, and Lumen Technologies. While the exact timing of the breaches remains unclear, the agency's push for encrypted messaging is a step towards safeguarding sensitive information.


drewt@secureworldexpo.com (Drew Todd)@SecureWorld News //
The Chinese state-sponsored hacking group Salt Typhoon is expanding its espionage campaign, targeting U.S. telecommunication providers and other networks globally. The group, active since at least 2019, has been breaching major companies like AT&T, Verizon, and Lumen Technologies. Between December 2024 and January 2025, Salt Typhoon compromised additional telecom networks across the globe. The attacks involve a custom utility called JumbledPath, used to stealthily monitor network traffic and potentially capture sensitive data.

Salt Typhoon gains initial access by using stolen credentials and exploiting vulnerabilities in Cisco routers. Specifically, the group targets internet-exposed Cisco network routers, leveraging CVE-2023-20198 and CVE-2023-20273 to escalate privileges and gain root access. Once inside, the attackers extract credentials by intercepting authentication traffic, modify network configurations, and create hidden accounts to maintain persistent access. The group's objectives include intercepting sensitive communications, tracking political activists, and stealing research from academic institutions.


@www.bleepingcomputer.com //
Chinese APT groups are actively targeting U.S. telecom providers and European healthcare organizations using sophisticated cyberattacks. The attacks involve custom malware, such as JumbledPath, used by Salt Typhoon to spy on U.S. telecom networks, and the exploitation of vulnerabilities like the Check Point flaw (CVE-2024-24919). These campaigns are characterized by the deployment of advanced tools like ShadowPad and NailaoLocker ransomware, indicating a blend of espionage and financially motivated cybercrime.

These threat actors gain initial access through exploited vulnerabilities, then move laterally within the networks using techniques like RDP to obtain elevated privileges. The attackers then deploy ShadowPad and PlugX before deploying the NailaoLocker ransomware in the final stages, encrypting files and demanding Bitcoin payments. These findings highlight the evolving tactics of Chinese APT groups and the challenges in attributing these attacks, given the blurring lines between state-sponsored espionage and financially driven operations.
