Bringing cybersecurity globally to critical and complex key activities
Understanding the cyber threat:
The telecommunications industry is a significant target for both cybercriminal and state-sponsored attacks. Cyberattacks on this industry can affect a wider range of victims beyond the industry itself because the use of telecommunications services by businesses and consumers alike is so pervasive. In particular, many businesses in other industries depend on telecommunications service providers to manage relationships with customers, or for their own phone and internet services. Breaches at telecommunications service providers can impact other companies’ external internet traffic and customer relationships.
Hackers understand the importance of the sector that keeps the world connected and broadly supports economies and business infrastructures. A successful attack on a telecommunication service provider has far-reaching consequences, not just on the organization and its clients but also on a nation.
On the other hand, the telecommunication sector acts as a gateway to millions of other businesses. Hackers will attempt to infiltrate on the telecom core infrastructure to intercept user calls or penetrate subscribers’ networks. Such scenarios cause significant damage to business reputation and data privacy.
Applications such as WhatsApp, Telegram or Signal still contain numerous security holes that make it difficult for malicious actors to carry out attacks and target a wide range of users. For example, a new automated as-a-service scam has been discovered exploiting TTelegram bots to steal money and payment data from their European victims.
Today, instant messaging applications are often confronted with nation-state sponsored attacker groups carrying out cyber espionage campaigns via messaging applications like Telegram or Signal. The main risk is that APT attackers will take advantage of the influx of WhatsApp users to Telegram or Signal to expand their victim base without users being aware of the threat.
Several APT threat actors such as ATK51 or ATK66 (APT-C-23) have played a major role in attacks using WhatsApp or even Telegram. Furthermore, applications such as Telegram can become a placeholder for the DarkWeb as shown by the leak of several malware source codes belonging to the ATK51 group (MuddyWater). Indeed, a group calling itself «Green Leakers» used Telegram channels to sell ATK51 data.
The same users who decided to change their email application such as WhatsApp, due to non-compliance with the data policy, are not yet sufficiently aware of the increasing number of cybercriminal attacks on applications such as Telegram or even Signal, which are becoming a new theatre of operations for organized cybercrime. With the rise of WhatsApp users migrating to Telegram for example, the risk of a benevolent user ending up on a GreenLeakers type channel is very high.
ATK132
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK78
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK128
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK29
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK17
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK35
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK32
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK1
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK33
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK40
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK15
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations