P1Security<p>🎥 What is O-RAN, really?</p><p>O-RAN isn't just a buzzword — it's a structural shift in how we build radio access networks.</p><p>By moving away from proprietary, locked-in systems and toward open, cloud-native architectures, operators gain flexibility… but also inherit new risks.</p><p>At the beginning of this analysis, we lay the groundwork — defining what O-RAN is before unpacking the security implications throughout the session.</p><p>▶️ Watch the full webinar for the complete breakdown: <a href="https://app.getcontrast.io/register/p1-security-open-ran" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">app.getcontrast.io/register/p1</span><span class="invisible">-security-open-ran</span></a></p><p><a href="https://infosec.exchange/tags/ORAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ORAN</span></a> <a href="https://infosec.exchange/tags/TelecomSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TelecomSecurity</span></a> <a href="https://infosec.exchange/tags/5GSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>5GSecurity</span></a> <a href="https://infosec.exchange/tags/MobileNetworks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileNetworks</span></a> <a href="https://infosec.exchange/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NetworkSecurity</span></a> <a href="https://infosec.exchange/tags/CRAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CRAN</span></a> <a href="https://infosec.exchange/tags/OpenRAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenRAN</span></a> <a href="https://infosec.exchange/tags/TelcoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TelcoSec</span></a> <a href="https://infosec.exchange/tags/TelecomTransformation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TelecomTransformation</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/P1Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>P1Security</span></a></p>
mastodon.world is one of the many independent Mastodon servers you can use to participate in the fediverse.
Generic Mastodon server for anyone to use.
Administered by:
Server stats:
8.1Kactive users
mastodon.world: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.0
#telecomsecurity
0 posts · 0 participants · 0 posts today
P1Security<p>🚨 𝐒𝐒7 𝐄𝐱𝐩𝐥𝐨𝐢𝐭 𝐒𝐨𝐥𝐝 𝐎𝐧𝐥𝐢𝐧𝐞: 𝐔𝐧𝐬𝐞𝐜𝐮𝐫𝐞𝐝 𝐆𝐚𝐭𝐞𝐰𝐚𝐲𝐬 𝐁𝐚𝐜𝐤 𝐢𝐧 𝐭𝐡𝐞 𝐒𝐩𝐨𝐭𝐥𝐢𝐠𝐡𝐭 🚨</p><p>A recent dark web listing is offering access to an SS7 gateway for $5000, enabling SMS interception, location tracking, and call surveillance. While it’s unclear how legitimate the offer is, the risk is real: unsecured SS7 entry points still exist—and are still being sold.</p><p>𝐖𝐡𝐲 𝐢𝐭 𝐦𝐚𝐭𝐭𝐞𝐫𝐬:</p><p>- Legacy telecom gateways are vulnerable, especially if left unmonitored.</p><p>- Threat actors can abuse signaling to bypass 2FA, monitor targets, or exfiltrate sensitive data.</p><p>- Operators must act before regulators or adversaries do.</p><p>🔒 P1 Security protects mobile networks by detecting and blocking malicious SS7 activity in real time, before exploits take hold.</p><p>📥 Understand how attackers exploit SS7 and how to stop them:</p><p>👉 𝐆𝐞𝐭 𝐏1 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲'𝐬 𝐫𝐞𝐬𝐞𝐚𝐫𝐜𝐡 𝐖𝐡𝐢𝐭𝐞𝐩𝐚𝐩𝐞𝐫 – “𝐒𝐒7 𝐀𝐭𝐭𝐚𝐜𝐤𝐞𝐫 𝐇𝐞𝐚𝐯𝐞𝐧 𝐓𝐮𝐫𝐧𝐬 𝐢𝐧𝐭𝐨 𝐑𝐢𝐨𝐭”: <a href="https://www.p1sec.com/white-paper/ss7-attacker-heaven-turns-into-riot-presentation" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">p1sec.com/white-paper/ss7-atta</span><span class="invisible">cker-heaven-turns-into-riot-presentation</span></a> </p><p><a href="https://infosec.exchange/tags/TelecomSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TelecomSecurity</span></a> <a href="https://infosec.exchange/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SS7</span></a> <a href="https://infosec.exchange/tags/SignalingSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SignalingSecurity</span></a> <a href="https://infosec.exchange/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberThreats</span></a> <a href="https://infosec.exchange/tags/P1Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>P1Security</span></a></p>
The DefendOps Diaries<p>The FBI is sounding the alarm: state-backed hackers are using custom malware and zero-day exploits to slip past telecom defenses. How are these tactics evading detection, and what does it mean for our security? Read more.</p><p><a href="https://thedefendopsdiaries.com/unmasking-salt-typhoon-the-cyber-threat-to-telecom-networks/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thedefendopsdiaries.com/unmask</span><span class="invisible">ing-salt-typhoon-the-cyber-threat-to-telecom-networks/</span></a></p><p><a href="https://infosec.exchange/tags/salt_typhoon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>salt_typhoon</span></a><br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a><br><a href="https://infosec.exchange/tags/telecomsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>telecomsecurity</span></a><br><a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>apt</span></a><br><a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a></p>
P1Security<p>Last week, P1 Security was at MWC Barcelona, connecting with industry leaders to discuss the latest in mobile network security. From <a href="https://infosec.exchange/tags/5G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>5G</span></a> vulnerabilities to <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> driven cyber threats, the conversations emphasized the need for advanced attack surface management, intrusion detection, and threat intelligence solutions.</p><p>🙏 A special thank you to Business France for their incredible support and organization throughout the event.</p><p>A huge thank you to our <a href="https://infosec.exchange/tags/partners" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>partners</span></a>, <a href="https://infosec.exchange/tags/customers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>customers</span></a>, and industry <a href="https://infosec.exchange/tags/peers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>peers</span></a> who joined us to exchange insights and drive innovation in telecom security. Looking forward to what’s next!</p><p><a href="https://infosec.exchange/tags/MWC25" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MWC25</span></a> <a href="https://infosec.exchange/tags/TelecomSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TelecomSecurity</span></a> <a href="https://infosec.exchange/tags/5GSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>5GSecurity</span></a> <a href="https://infosec.exchange/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberThreats</span></a> <a href="https://infosec.exchange/tags/AIinTelecom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIinTelecom</span></a> <a href="https://infosec.exchange/tags/P1Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>P1Security</span></a></p>
Patrick Coyle<p>Bills Introduced – 12-12-24 – 70 bills – 10408, security challenges of Signaling System 7 protocol – <a href="https://tinyurl.com/4w5jux3k" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">tinyurl.com/4w5jux3k</span><span class="invisible"></span></a> <a href="https://qoto.org/tags/Legislation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Legislation</span></a> <a href="https://qoto.org/tags/TelecomSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TelecomSecurity</span></a></p>
P1Security<p>🌐 P1 Security at GSMA FASG #30 🌐</p><p>P1 Security will be at the GSMA FASG #30 in Sophia Antipolis, France, from November 5th to 7th! </p><p>Representing us will be our Founder & CEO, Philippe Langlois, with over 30 years of network security expertise, and Martin Kacer, our Telecom Security Expert Researcher managing GSMA relations.</p><p>If you're interested in exploring security solutions for critical mobile infrastructure, discussing the latest in telcosec, or simply connecting, don’t hesitate to reach out. We’d love to meet you!</p><p><a href="https://infosec.exchange/tags/FASG30" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FASG30</span></a> <a href="https://infosec.exchange/tags/TelecomSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TelecomSecurity</span></a> <a href="https://infosec.exchange/tags/GSMA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GSMA</span></a> <a href="https://infosec.exchange/tags/MobileNetworks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileNetworks</span></a> <a href="https://infosec.exchange/tags/P1Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>P1Security</span></a> <a href="https://infosec.exchange/tags/Networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Networking</span></a></p>
Alex Ivanovs<p>US Senate seeks clarification from AT&T over ‘easily preventable’ data breach</p><p><a href="https://stackdiary.com/us-senate-seeks-clarification-from-att-over-easily-preventable-data-breach/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">stackdiary.com/us-senate-seeks</span><span class="invisible">-clarification-from-att-over-easily-preventable-data-breach/</span></a></p><p><a href="https://mastodon.social/tags/ATT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ATT</span></a> <a href="https://mastodon.social/tags/DataBreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataBreach</span></a> <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a> <a href="https://mastodon.social/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://mastodon.social/tags/Snowflake" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Snowflake</span></a> <a href="https://mastodon.social/tags/Ransom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransom</span></a> <a href="https://mastodon.social/tags/Bitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bitcoin</span></a> <a href="https://mastodon.social/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybercrime</span></a> <a href="https://mastodon.social/tags/Telecom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Telecom</span></a> <a href="https://mastodon.social/tags/SensitiveData" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SensitiveData</span></a> <a href="https://mastodon.social/tags/USSenate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USSenate</span></a> <a href="https://mastodon.social/tags/CustomerData" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CustomerData</span></a> <a href="https://mastodon.social/tags/DataProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataProtection</span></a> <a href="https://mastodon.social/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encryption</span></a> <a href="https://mastodon.social/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://mastodon.social/tags/TwoFactorAuthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TwoFactorAuthentication</span></a> <a href="https://mastodon.social/tags/Hackers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hackers</span></a> <a href="https://mastodon.social/tags/CloudStorage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudStorage</span></a> <a href="https://mastodon.social/tags/IdentityTheft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IdentityTheft</span></a> <a href="https://mastodon.social/tags/Breach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Breach</span></a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechNews</span></a> <a href="https://mastodon.social/tags/Metadata" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Metadata</span></a> <a href="https://mastodon.social/tags/DigitalSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalSecurity</span></a> <a href="https://mastodon.social/tags/TelecomSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TelecomSecurity</span></a> <a href="https://mastodon.social/tags/DataLeak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataLeak</span></a> <a href="https://mastodon.social/tags/FBI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FBI</span></a> <a href="https://mastodon.social/tags/DOJ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DOJ</span></a> <a href="https://mastodon.social/tags/Blockchain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Blockchain</span></a> <a href="https://mastodon.social/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a></p>
Pyrzout :vm:<p>Hackers Using VPNs To Exploit Restrictions & Steal Mobile Data <a href="https://gbhackers.com/hackers-vpns-exploit-restrictions-steal-data/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gbhackers.com/hackers-vpns-exp</span><span class="invisible">loit-restrictions-steal-data/</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/TelecomSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TelecomSecurity</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/VPNExploits" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPNExploits</span></a> <a href="https://social.skynetcloud.site/tags/DataTheft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataTheft</span></a> <a href="https://social.skynetcloud.site/tags/vpn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vpn</span></a></p>
Rich Stein (he/him)<p>Surprise. No surprise. <br><a href="https://www.wsj.com/politics/national-security/china-internet-cables-repair-ships-93fd6320" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wsj.com/politics/national-secu</span><span class="invisible">rity/china-internet-cables-repair-ships-93fd6320</span></a><br>h/t <span class="h-card" translate="no"><a href="https://infosec.exchange/@metacurity" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>metacurity</span></a></span> <br><a href="https://infosec.exchange/@metacurity/112466444861614722" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@metacurity/1</span><span class="invisible">12466444861614722</span></a><br><a href="https://mastodon.social/tags/NationalSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationalSecurity</span></a> <a href="https://mastodon.social/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a> <a href="https://mastodon.social/tags/telecommunications" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>telecommunications</span></a> <a href="https://mastodon.social/tags/telecom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>telecom</span></a> <a href="https://mastodon.social/tags/telecoms" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>telecoms</span></a> <a href="https://mastodon.social/tags/telecomsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>telecomsecurity</span></a></p>
ENISA<p>RT by <span class="h-card"><a href="https://respublicae.eu/@enisa_eu" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>enisa_eu</span></a></span>: Erka Koivunen, CISO at Finavia - speaks about the evolution of crypto, at the ENISA Telecom security forum, here in Helsinki: "We are now in the golden age of encrypted communications." <a href="https://respublicae.eu/tags/telecomsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>telecomsecurity</span></a> <a href="https://respublicae.eu/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> @ekoivune <span class="h-card"><a href="https://respublicae.eu/@enisa_eu" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>enisa_eu</span></a></span></p><p>[2024-05-15 07:10 UTC]</p>
BSI<p>🚀 5G Security - entdecke pySCASso: Ein Python-Framework zur Automatisierung von GSMA NESAS SCAS Tests! Vom Team BSI entwickelt als Blaupause und Beispiel, lädt es zum Stöbern, zur Inspiration und zur Zusammenarbeit ein. Plattformunabhängig – Produktagnostische Testimplementierung - Minimalinvasiv. Besuche unser Projekt auf GitHub, um mehr zu erfahren und mitzuwirken: <a href="https://github.com/BSI-Bund/pySCASso" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/BSI-Bund/pySCASso</span><span class="invisible"></span></a> <a href="https://social.bund.de/tags/pySCASso" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pySCASso</span></a> <a href="https://social.bund.de/tags/TelecomSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TelecomSecurity</span></a></p>
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:<p>"⚠️ Telecom Sector Under Siege: Over 1,500 RIPE NCC Network Credentials Leaked! ⚠️"</p><p>The telecom industry faces a severe threat as over 1,572 network operator credentials, including those from Orange España, were found circulating in the Dark Web. This follows a recent cyberattack on Orange España, involving a BGP hijack. The attack led to a service outage and revealed the risks associated with privileged network personnel. Cybersecurity firm Resecurity's scan discovered compromised accounts from RIPE, APNIC, AFRINIC, and LACNIC registries, emphasizing the urgent need for improved digital hygiene and robust security measures.</p><p>Tags: <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/TelecomSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TelecomSecurity</span></a> <a href="https://infosec.exchange/tags/DigitalIdentity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalIdentity</span></a> <a href="https://infosec.exchange/tags/DataBreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataBreach</span></a> <a href="https://infosec.exchange/tags/DarkWeb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DarkWeb</span></a> <a href="https://infosec.exchange/tags/BGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BGP</span></a> <a href="https://infosec.exchange/tags/RPKI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RPKI</span></a> <a href="https://infosec.exchange/tags/Infostealers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infostealers</span></a></p><p>Source: <a href="https://www.resecurity.com/blog/article/hundreds-of-network-operators-credentials-found-circulating-in-dark-web" rel="nofollow noopener" target="_blank">Resecurity</a></p>
P1Security<p>The stark reality of cyber threats for telecom sectors is unfolding in Ukraine. Russian Sandworm hackers have breached 11 Ukrainian telcos since May, posing grave security concerns. Uncover the intricate details of these cyber onslaughts here:<br>Russian Sandworm hackers breached 11 Ukrainian telcos since May<br><a href="https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-breached-11-ukrainian-telcos-since-may/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/russian-sandworm-hackers-breached-11-ukrainian-telcos-since-may/</span></a></p><p>CERT-UA: Peculiarities of destructive cyber attacks against Ukrainian providers<br><a href="https://cert.gov.ua/article/6123309" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">cert.gov.ua/article/6123309</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/TelecomSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TelecomSecurity</span></a> <a href="https://infosec.exchange/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberAttack</span></a> <a href="https://infosec.exchange/tags/UkraineTelecom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UkraineTelecom</span></a></p>
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:<p>"🔍 Unveiling Sandman APT: The Silent Menace Targeting Global Telcos 🎯"</p><p>SentinelLabs has unearthed a new threat actor dubbed Sandman APT, primarily targeting telecommunication providers across the Middle East, Western Europe, and South Asia. This enigmatic group employs a novel modular backdoor named LuaDream, utilizing the LuaJIT platform, a rarity in the threat landscape. The meticulous movements and minimal engagements hint at a strategic approach to minimize detection risks. The LuaDream malware, a well-orchestrated and actively developed project, is designed for system and user info exfiltration, paving the way for precision attacks. The intriguing part? The attribution remains elusive, hinting at a private contractor or a mercenary group akin to Metador. The activities observed are espionage-driven, with a pronounced focus on telcos due to the sensitive data they harbor. The meticulous design of LuaDream showcases the continuous innovation in the cyber espionage realm, urging for a collaborative effort within the threat intelligence community to navigate the shadows of the threat landscape.</p><p>Source: <a href="https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/" rel="nofollow noopener" target="_blank">SentinelOne Labs</a></p><p>Tags: <a href="https://infosec.exchange/tags/SandmanAPT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SandmanAPT</span></a> <a href="https://infosec.exchange/tags/LuaDream" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LuaDream</span></a> <a href="https://infosec.exchange/tags/TelecomSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TelecomSecurity</span></a> <a href="https://infosec.exchange/tags/CyberEspionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberEspionage</span></a> <a href="https://infosec.exchange/tags/ThreatActor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatActor</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/LuaJIT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LuaJIT</span></a> <a href="https://infosec.exchange/tags/SentinelLabs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SentinelLabs</span></a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a> 🌐🔐🎯</p> <p>Indicators of Compromise (IoCs):</p><ul><li>Domains: mode.encagil[.]com, ssl.explorecell[.]com</li><li>File Paths: %ProgramData%\FaxConfig, %ProgramData%\FaxLib</li><li>SHA1: <ul><li>fax.dat: 1cd0a3dd6354a3d4a29226f5580f8a51ec3837d4</li><li>fax.Application: 27894955aaf082a606337ebe29d263263be52154</li><li>ualapi.dll: 5302c39764922f17e4bc14f589fa45408f8a5089</li><li>fax.cache: 77e00e3067f23df10196412f231e80cec41c5253</li><li>UpdateCheck.dll: b9ea189e2420a29978e4dc73d8d2fd801f6a0db2</li><li>updater.ver: fb1c6a23e8e0693194a365619b388b09155c2183</li><li>fax.module: ff2802cdbc40d2ef3585357b7e6947d42b875884</li></ul></li></ul> <p>Author: Aleksandar Milenkoski, a seasoned threat researcher at SentinelLabs, has meticulously dissected the activities of Sandman APT, shedding light on the LuaDream backdoor. His expertise in reverse engineering and malware research is evident in the detailed analysis provided.</p>
ENISA<p>RT @marnixdekker: We kicked off the <a href="https://respublicae.eu/tags/ENISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ENISA</span></a> Telecom security forum here in Lisbon - Trey Guinn @Cloudflare Field CTO, with a great talk about what is needed to have a secure global internet @treyguinn <span class="h-card"><a href="https://respublicae.eu/@enisa_eu" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>enisa_eu</span></a></span> <a href="https://respublicae.eu/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://respublicae.eu/tags/telecomsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>telecomsecurity</span></a> <a href="https://t.co/BvCQ8O6smK" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">t.co/BvCQ8O6smK</span><span class="invisible"></span></a></p><p> 🐦🔗: <a href="https://n.respublicae.eu/enisa_eu/status/1661323009674625029" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">n.respublicae.eu/enisa_eu/stat</span><span class="invisible">us/1661323009674625029</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload