Bringing cybersecurity globally to critical and complex key activities
Understanding the cyber threat:
The telecommunications industry is a significant target for both cybercriminal and state-sponsored attacks. Cyberattacks on this industry can affect a wider range of victims beyond the industry itself because the use of telecommunications services by businesses and consumers alike is so pervasive. In particular, many businesses in other industries depend on telecommunications service providers to manage relationships with customers, or for their own phone and internet services. Breaches at telecommunications service providers can impact other companies’ external internet traffic and customer relationships.
Hackers understand the importance of the sector that keeps the world connected and broadly supports economies and business infrastructures. A successful attack on a telecommunication service provider has far-reaching consequences, not just on the organization and its clients but also on a nation.
On the other hand, the telecommunication sector acts as a gateway to millions of other businesses. Hackers will attempt to infiltrate on the telecom core infrastructure to intercept user calls or penetrate subscribers’ networks. Such scenarios cause significant damage to business reputation and data privacy.
Applications such as WhatsApp, Telegram or Signal still contain numerous security holes that make it difficult for malicious actors to carry out attacks and target a wide range of users. For example, a new automated as-a-service scam has been discovered exploiting TTelegram bots to steal money and payment data from their European victims.
Today, instant messaging applications are often confronted with nation-state sponsored attacker groups carrying out cyber espionage campaigns via messaging applications like Telegram or Signal. The main risk is that APT attackers will take advantage of the influx of WhatsApp users to Telegram or Signal to expand their victim base without users being aware of the threat.
Several APT threat actors such as ATK51 or ATK66 (APT-C-23) have played a major role in attacks using WhatsApp or even Telegram. Furthermore, applications such as Telegram can become a placeholder for the DarkWeb as shown by the leak of several malware source codes belonging to the ATK51 group (MuddyWater). Indeed, a group calling itself «Green Leakers» used Telegram channels to sell ATK51 data.
The same users who decided to change their email application such as WhatsApp, due to non-compliance with the data policy, are not yet sufficiently aware of the increasing number of cybercriminal attacks on applications such as Telegram or even Signal, which are becoming a new theatre of operations for organized cybercrime. With the rise of WhatsApp users migrating to Telegram for example, the risk of a benevolent user ending up on a GreenLeakers type channel is very high.
X Reset
ATK132
> Alias
Deadeye Jackal
SEA
...
> Suspected origin countries
Syria
> Suspected targeted countries
Canada
France
...
> Target sectors
Communication
Defense
...
> Motivations
Coercion
Dominance
...
ATK78
> Alias
Thrip
> Suspected origin countries
China
> Suspected targeted countries
Philippines
Taiwan
...
> Target sectors
Aerospace
Communication
...
> Motivations
Espionage
Information theft
ATK17
> Alias
APT-32
APT-C-00
...
> Suspected origin countries
Vietnam
> Suspected targeted countries
Australia
China
...
> Target sectors
Communication
Defense
...
> Motivations
Espionage
ATK128
> Alias
OurMine
> Suspected origin countries
Saudi Arabia
> Suspected targeted countries
United Kingdom Of Great Britain And Northern Ireland
United States Of America
> Target sectors
Casino & Gaming
Communication
...
> Motivations
Coercion
Dominance
...
ATK29
> Alias
APT 40
APT40
...
> Suspected origin countries
China
> Suspected targeted countries
Belgium
Cambodia
...
> Target sectors
Aerospace
Chemicals
...
> Motivations
Espionage
Information theft
ATK35
> Alias
APT 33
APT33
...
> Suspected origin countries
Iran
> Suspected targeted countries
Iran, Islamic Republic Of
Iraq
...
> Target sectors
Aerospace
Aviation
...
> Motivations
Espionage
ATK32
> Alias
FIN7
GOLD NIAGARA
...
> Suspected origin countries
Ukraine
Russia
> Suspected targeted countries
Australia
France
...
> Target sectors
Casino & Gaming
Communication
...
> Motivations
Financial Gain
ATK1
> Alias
DragonFish
Lotus Blossom
...
> Suspected origin countries
China
> Suspected targeted countries
Cambodia
Canada
...
> Target sectors
Communication
Education
...
> Motivations
Espionage
Information theft
ATK33
> Alias
PLATINUM
TwoForOne
> Suspected origin countries
Unknown
> Suspected targeted countries
China
India
...
> Target sectors
Communication
Defense
...
> Motivations
Information theft
ATK40
> Alias
APT 34
APT34
...
> Suspected origin countries
Iran
> Suspected targeted countries
Azerbaijan
Mauritius
...
> Target sectors
Aerospace
Aviation
...
> Motivations
Espionage
ATK15
> Alias
APT 27
APT27
...
> Suspected origin countries
China
> Suspected targeted countries
China
Hong Kong
...
> Target sectors
Aerospace
Communication
...
> Motivations