Telecoms, as linkages to digital health tools and remote patient monitoring, are vital, and lately the target of hackers.
BT Group’s BT Conferencing business division shut down some of its servers following a Black Basta RaaS ransomware breach. After an initial denial to Bleeping Computer, other reports confirmed that the breach was successful in snatching 500GB of data, including financial and organizational data, “users data and personal docs,” NDA documents, confidential information, and more. BT confirmed that only some servers for the Conferencing business were taken offline and that live conferencing services were unaffected. According to Bleeping Computer, “The cybercrime group also published folder listings and multiple screenshots of documents requested by the company during the hiring process as proof of their claims. The ransomware gang also added a countdown to their dark web leak site, saying the allegedly stolen data would be leaked next week.” BT Group is continuing to monitor and is coordinating with international law enforcement entities. Since 2022, the Russian-based Black Basta has been quite successful at its ransomware-as-a-service business; its affiliates have breached over 500 organizations and collected $100 million in ransom payments from over 90 victims, according to CISA and the FBI.
Chinese state-sponsored hackers are no slouches in the telecom hacking business either. Their operation dubbed Salt Typhoon has breached at least eight telecom companies and their operations in dozens of countries. Anne Neuberger, deputy national security adviser to the currently expiring administration, seemed not to be overly alarmed that this activity has been going on for a year or two, stating that “at this time, we don’t believe any classified communications have been compromised.” Companies confirmed by CISA and the FBI are T-Mobile, Verizon, AT&T, and Lumen Technologies. T-Mobile’s breach came via a connected wireline provider’s network, but their chief security officer stated that T-Mobile has no more attacker activity within its network.
Access to telecom networks allowed the Chinese hackers to intercept and steal internet traffic from internet service providers. Neuberger also confirmed that some government traffic had been compromised: that of government officials and the US government’s wiretapping platform, along with theft of law enforcement request data and customer call records. Salt Typhoon has also used the aliases FamousSparrow, Earth Estries, Ghost Emperor, and UNC2286 to breach Southeast Asia government entities and telecom companies since at least 2019. FBI advice: encryption. (Source: Bleeping Computer)