| Category | Details |
|---|---|
| Threat Actors | Salt Typhoon (aka GhostEmperor/UNC2286), KillNet, Black Basta, Scattered Spider |
| Campaign Overview | Cyber espionage targeting U.S. telecom giants; attacks include breaches, ransomware, and insider threats. |
| Target Regions | United States, France, Germany, Ukraine, Australia |
| Methodology | Espionage, supply-chain attacks, data exfiltration, ransomware, insider threats, phishing |
| Product Targeted | Telecom infrastructure, cloud environments (e.g., Snowflake), mobile services |
| Malware Reference | Demodex rootkit, Deed RAT, Raccoon infostealer |
| Tools Used | Backdoors (e.g., GHOSTSPIDER), stolen credentials, Dark Web access sales |
| Vulnerabilities Exploited | Citrix Bleed (CVE-2023-4966), outdated hardware (e.g., routers, switches), compromised insider access |
| TTPs | Long-term network infiltration, use of advanced evasion techniques, targeting government and political figures |
| Attribution | Linked to China’s Ministry of State Security; Russian hacktivist group involvement in Kyivstar attack questioned |
| Recommendations | Regular security audits, timely patching, monitoring Dark Web activity, adopting advanced threat intelligence tools |
| Source | SOCRadar |

Read full article: https://socradar.io/cyber-attacks-telecommunication-industry-2023-2024/

The above summary has been generated by an AI language model