Communication

(11) attackers < Back

Understanding the cyber threat:

The telecommunications industry is a significant target for both cybercriminal and state-sponsored attacks. Cyberattacks on this industry can affect a wider range of victims beyond the industry itself because the use of telecommunications services by businesses and consumers alike is so pervasive. In particular, many businesses in other industries depend on telecommunications service providers to manage relationships with customers, or for their own phone and internet services. Breaches at telecommunications service providers can impact other companies’ external internet traffic and customer relationships.

Thales: Cyber Threats in Communication

​Hackers understand the importance of the sector that keeps the world connected and broadly supports economies and business infrastructures. A successful attack on a telecommunication service provider has far-reaching consequences, not just on the organization and its clients but also on a nation.

 

On the other hand, the telecommunication sector acts as a gateway to millions of other businesses. Hackers will attempt to infiltrate on the telecom core infrastructure to intercept user calls or penetrate subscribers’ networks. Such scenarios cause significant damage to business reputation and data privacy.

 

Thales: Cyber Threats in Communication

​Applications such as WhatsApp, Telegram or Signal still contain numerous security holes that make it difficult for malicious actors to carry out attacks and target a wide range of users. For example, a new automated as-a-service scam has been discovered exploiting TTelegram bots to steal money and payment data from their European victims.

Thales: Cyber Threats in Communication

Today, instant messaging applications are often confronted with nation-state sponsored attacker groups carrying out cyber espionage campaigns via messaging applications like Telegram or Signal. The main risk is that APT attackers will take advantage of the influx of WhatsApp users to Telegram or Signal to expand their victim base without users being aware of the threat.

 

Several APT threat actors such as ATK51 or ATK66 (APT-C-23) have played a major role in attacks using WhatsApp or even Telegram. Furthermore, applications such as Telegram can become a placeholder for the DarkWeb as shown by the leak of several malware source codes belonging to the ATK51 group (MuddyWater). Indeed, a group calling itself «Green Leakers» used Telegram channels to sell ATK51 data.

The same users who decided to change their email application such as WhatsApp, due to non-compliance with the data policy, are not yet sufficiently aware of the increasing number of cybercriminal attacks on applications such as Telegram or even Signal, which are becoming a new theatre of operations for organized cybercrime. With the rise of WhatsApp users migrating to Telegram for example, the risk of a benevolent user ending up on a GreenLeakers type channel is very high.

X Reset

ATK132

> Alias

Deadeye Jackal

SEA

...

> Suspected origin countries

Syria

> Suspected targeted countries

Canada

France

...

> Target sectors

Communication

Defense

...

> Motivations

Coercion

Dominance

...

ATK78

> Alias

Thrip

> Suspected origin countries

China

> Suspected targeted countries

Philippines

Taiwan

...

> Target sectors

Aerospace

Communication

...

> Motivations

Espionage

Information theft

ATK17

> Alias

APT-32

APT-C-00

...

> Suspected origin countries

Vietnam

> Suspected targeted countries

Australia

China

...

> Target sectors

Communication

Defense

...

> Motivations

Espionage

ATK128

> Alias

OurMine

> Suspected origin countries

Saudi Arabia

> Suspected targeted countries

United Kingdom Of Great Britain And Northern Ireland

United States Of America

> Target sectors

Casino & Gaming

Communication

...

> Motivations

Coercion

Dominance

...

ATK29

> Alias

APT 40

APT40

...

> Suspected origin countries

China

> Suspected targeted countries

Belgium

Cambodia

...

> Target sectors

Aerospace

Chemicals

...

> Motivations

Espionage

Information theft

ATK35

> Alias

APT 33

APT33

...

> Suspected origin countries

Iran

> Suspected targeted countries

Iran, Islamic Republic Of

Iraq

...

> Target sectors

Aerospace

Aviation

...

> Motivations

Espionage

ATK32

> Alias

FIN7

GOLD NIAGARA

...

> Suspected origin countries

Ukraine

Russia

> Suspected targeted countries

Australia

France

...

> Target sectors

Casino & Gaming

Communication

...

> Motivations

Financial Gain

ATK1

> Alias

DragonFish

Lotus Blossom

...

> Suspected origin countries

China

> Suspected targeted countries

Cambodia

Canada

...

> Target sectors

Communication

Education

...

> Motivations

Espionage

Information theft

ATK33

> Alias

PLATINUM

TwoForOne

> Suspected origin countries

Unknown

> Suspected targeted countries

China

India

...

> Target sectors

Communication

Defense

...

> Motivations

Information theft

ATK40

> Alias

APT 34

APT34

...

> Suspected origin countries

Iran

> Suspected targeted countries

Azerbaijan

Mauritius

...

> Target sectors

Aerospace

Aviation

...

> Motivations

Espionage

ATK15

> Alias

APT 27

APT27

...

> Suspected origin countries

China

> Suspected targeted countries

China

Hong Kong

...

> Target sectors

Aerospace

Communication

...

> Motivations

Espionage