Data Breach at European Telecommunications Standards Institute (ETSI)

September 27, 2023

On 27 September 2023 the European Telecommunications Standards Institute (ETSI) reported that hackers had stolen a database identifying its users.
It is not yet clear whether the attack was financially motivated or if the hackers had intended to acquire the list of users for espionage purposes.

Following the incident, ETSI, which is based in the Sophia Antipolis technology park on the French Riviera, said it brought in France’s cybersecurity agency ANSSI “to investigate and repair the information systems.” The nonprofit said the “vulnerability on which the attack was based has been fixed,” although it did not identify the vulnerability.


Ukrainian Hacktivists Temporarily Disabled Internet Services in Some Russia-Occupied Territories

October 27, 2023

Ukrainian hackers have temporarily disabled internet services in parts of the country’s territories that have been occupied by Russia. The group of cyber activists known as the IT Army said on Telegram that their distributed denial-of-service (DDoS) attack took down three Russian internet providers — Miranda-media, Krimtelekom, and MirTelekom — operating in the territories.

Early on Friday, Russian internet operators confirmed that they had experienced an “unprecedented level of DDoS attacks from Ukrainian hacker groups,” temporarily disrupting their operations. The attack affected services such as cellular networks, phone calls, and internet connections.


Cyberattack Causes Widespread Disruption for Lyca Mobile Customers

September 30, 2023

Lyca Mobile, a British telecom company, faced a network disruption due to a cyber attack over the weekend of September 30 – October 1.
“The issues affected all Lyca Mobile markets apart from the United States, Australia, Ukraine and Tunisia,” the company said. The attack prevented customers and retailers from accessing top-ups. National and international calling was impacted, and the incident raised concerns about potential customer data compromise.


40% of Australians Without Internet or Phone for One Day

November 7, 2023

An outage at No.2 Australian telco Optus left nearly half the population without internet or phone on Wednesday, throwing payment, transport and health systems into chaos and raising questions about the fragility of the country’s core infrastructure. The outage was first reported about 4 a.m. local time (1700 GMT on Tuesday) and it was not until almost 5.30 p.m. that Optus said services had been restored.

Some 10 million Australians, 40% of the population, are Optus customers and could not use smartphones, broadband internet or landlines for much of the day. Hospitals couldn’t take phone calls, small businesses were unable to process electronic payments and train networks and ride share services were down simultaneously in some cities. The incident sparked criticism about the robustness of Australia’s telecommunications network and in particular about Optus, which is owned by Singapore Telecommunications


‘Sandworm’ Attack Interrupts Service at 11 Telecom Providers in Ukraine

May 1, 2023

The state-sponsored Russian hacking group tracked as ‘Sandworm’ compromised eleven telecommunication service providers in Ukraine between May and September 2023.
That is based on a new report by Ukraine’s Computer Emergency Response Team (CERT-UA) citing ‘public resources’ and information retrieved from some breached providers. The agency states that the Russian hackers “interfered” with the communication systems of 11 telcos in the country, leading to service interruptions and potential data breaches.


Cyberattack Causes Widespread Disruption in Kenya

July 25, 2023

Kenya endured a huge cyber attack that affected services on a key government online platform. The BBC reported the attack against the region’s eCitizen portal. The portal is used by the public to access over 5,000 government services. The attack disrupted passport applications and renewals and e-visas for non-citizens visiting Kenya, and prevented driving licenses, ID cards and health records from being issued.

Anonymous Sudan claimed responsibility for the extensive cyberattack in Kenya, which saw multiple government services impacted and raised digital concerns.

The mobile-money banking service M-Pesa was also affected by the attack. People were unable to make payments at shops. Public transport vehicles, hotels and other platforms also experienced difficulties. Millions of people across Kenya use mobile money to receive and spend money, and the platform is seen as widely convenient for those who do not have access to essential banking services.


Australian Infrastructure Services Provider Takes Down Systems

July 8, 2023

The Australian infrastructure services provider Ventia says a cyberattack on the weekend of July 8 and 9 is contained. The attack on the Sydney-headquartered essential infrastructure services provider caused it to take key systems offline. However, in a July 12 statement, Ventia says its key internal systems have been safely re-enabled and external-facing networks are systematically being restored. Ventia is giving little away about the nature of the cyberattack, but the company’s decision to shut down its systems is a characteristic response to a ransomware-style attack.

An APAC Analyst Technical Director at DarkTrace says some of Ventia’s systems were offline for at least three days and switching off services would significantly impact customers. “Ventia are an important pillar in the management of critical infrastructure. They operate sites across Australia and New Zealand on behalf of defence, electricity, gas, and water companies,”


Italtel Cyberattack Claimed by Medusa

September 25, 2023

On Monday 25 September, the Italian company Italtel was the victim of a cyber attack. The cyber attack impacted Italtel’s IT infrastructure, limiting access and use of some company systems. The situation continues to evolve. The Italtel affair adds to the many IT incidents involving large Italian companies.
Italtel has already started communicating with its customers and suppliers about the cyber attack. Any subsequent interactions will be managed by the competent figures within the company.

The Medusa ransomware criminal gang has claimed the ransomware attack; Italtel has as of today not confirmed the attack. Italtel’s target markets are Telco & Media, Industry & Manufacturing, Energy & Transportation, Banking & Insurance, Healthcare and Public Administration.


Satellite Communications System Serving the Russian Military Knocked Offline

June 30, 2023

A group of previously unknown hackers has claimed responsibility for a cyberattack on the Russian satellite communications provider Dozor-Teleport, which is used by energy companies and the country’s defense and security services.

Doug Madory, the head of internet analysis at the network monitoring company Kentik, confirmed to Recorded Future News that Dozor-Teleport has been disconnected from the internet and is currently unreachable. Dozor’s parent company, Amtel Svyaz, also suffered a significant outage late on Wednesday, according to Madory.

The hackers claim that they damaged some of the satellite terminals and leaked and destroyed confidential information stored on the company’s servers. The group posted 700 files, including documents and images, to a leak site, as well as some to their newly created Telegram channel.

The group claims to be affiliated with the notorious Wagner Group hackers. There was no mention of the hack on the official Telegram channel of the Wagner Group and several experts expressed skepticism that the group was involved.

Dozor did not respond to inquiries about the attack.


Cyberattack Causes Widespread Operational Disruption at Rheinische Post Mediengruppe

June 16, 2023

The “Rheinische Post Mediengruppe” had to shut down some systems because of a cyberattack. The operation of the news portals is only possible to a limited extent. Emergency editions of the affected newspapers were published on Monday. Unfortunately, the printed and digital editions cannot be offered in the usual structure, stated the “Rheinische Post”.

Individual technical systems had to be switched off and the connection to the Internet had to be cut, according to the “Rheinische Post”. The “Aachener Zeitung”, which belongs to the media group, addressed the readers on the first page and wrote of an emergency edition “that does not fully correspond to what you are used to from us”. The Bonn “General-Anzeiger” reacted with an edition that appeared “not in the usual scope and in the usual timeliness”.
