#telecomsecurity


🚨 SS7 Exploit Sold Online: Unsecured Gateways Back in the Spotlight 🚨

A recent dark web listing is offering access to an SS7 gateway for $5000, enabling SMS interception, location tracking, and call surveillance. While it’s unclear how legitimate the offer is, the risk is real: unsecured SS7 entry points still exist—and are still being sold.

Why it matters:

- Legacy telecom gateways are vulnerable, especially if left unmonitored.

- Threat actors can abuse signaling to bypass 2FA, monitor targets, or exfiltrate sensitive data.

- Operators must act before regulators or adversaries do.

🔒 P1 Security protects mobile networks by detecting and blocking malicious SS7 activity in real time, before exploits take hold.

📥 Understand how attackers exploit SS7 and how to stop them:

👉 Get P1 Security's research Whitepaper – “SS7 Attacker Heaven Turns into Riot”: p1sec.com/white-paper/ss7-atta

The FBI is sounding the alarm: state-backed hackers are using custom malware and zero-day exploits to slip past telecom defenses. How are these tactics evading detection, and what does it mean for our security? Read more.

thedefendopsdiaries.com/unmask

#salt_typhoon
#cybersecurity
#telecomsecurity
#apt
#malware

The DefendOps Diaries · Unmasking Salt Typhoon: The Cyber Threat to Telecom Networks, by Alex Cipher

Last week, P1 Security was at MWC Barcelona, connecting with industry leaders to discuss the latest in mobile network security. From #5G vulnerabilities to #AI driven cyber threats, the conversations emphasized the need for advanced attack surface management, intrusion detection, and threat intelligence solutions.

🙏 A special thank you to Business France for their incredible support and organization throughout the event.

A huge thank you to our #partners, #customers, and industry #peers who joined us to exchange insights and drive innovation in telecom security. Looking forward to what’s next!

🌐 P1 Security at GSMA FASG #30 🌐

P1 Security will be at the GSMA FASG #30 in Sophia Antipolis, France, from November 5th to 7th!

Representing us will be our Founder & CEO, Philippe Langlois, with over 30 years of network security expertise, and Martin Kacer, our Telecom Security Expert Researcher managing GSMA relations.

If you're interested in exploring security solutions for critical mobile infrastructure, discussing the latest in telcosec, or simply connecting, don’t hesitate to reach out. We’d love to meet you!

🚀 5G Security - discover pySCASso: a Python framework for automating GSMA NESAS SCAS tests! Developed by the BSI team as a blueprint and example, it invites you to browse, get inspired, and collaborate. Platform-independent – product-agnostic test implementation – minimally invasive. Visit our project on GitHub to learn more and contribute: github.com/BSI-Bund/pySCASso #pySCASso #TelecomSecurity


"⚠️ Telecom Sector Under Siege: Over 1,500 RIPE NCC Network Credentials Leaked! ⚠️"

The telecom industry faces a severe threat as over 1,572 network operator credentials, including those from Orange España, were found circulating in the Dark Web. This follows a recent cyberattack on Orange España, involving a BGP hijack. The attack led to a service outage and revealed the risks associated with privileged network personnel. Cybersecurity firm Resecurity's scan discovered compromised accounts from RIPE, APNIC, AFRINIC, and LACNIC registries, emphasizing the urgent need for improved digital hygiene and robust security measures.

Tags: #CyberSecurity #TelecomSecurity #DigitalIdentity #DataBreach #DarkWeb #BGP #RPKI #Infostealers

Source: Resecurity

www.resecurity.com: Resecurity | Hundreds of network operators’ credentials found circulating in the Dark Web

The stark reality of cyber threats for telecom sectors is unfolding in Ukraine. Russian Sandworm hackers have breached 11 Ukrainian telcos since May, posing grave security concerns. Uncover the intricate details of these cyber onslaughts here:
Russian Sandworm hackers breached 11 Ukrainian telcos since May
bleepingcomputer.com/news/secu

CERT-UA: Peculiarities of destructive cyber attacks against Ukrainian providers
cert.gov.ua/article/6123309

"🔍 Unveiling Sandman APT: The Silent Menace Targeting Global Telcos 🎯"

SentinelLabs has unearthed a new threat actor dubbed Sandman APT, primarily targeting telecommunication providers across the Middle East, Western Europe, and South Asia. This enigmatic group employs a novel modular backdoor named LuaDream, utilizing the LuaJIT platform, a rarity in the threat landscape. The meticulous movements and minimal engagements hint at a strategic approach to minimize detection risks. The LuaDream malware, a well-orchestrated and actively developed project, is designed for system and user info exfiltration, paving the way for precision attacks. The intriguing part? The attribution remains elusive, hinting at a private contractor or a mercenary group akin to Metador. The activities observed are espionage-driven, with a pronounced focus on telcos due to the sensitive data they harbor. The meticulous design of LuaDream showcases the continuous innovation in the cyber espionage realm, urging for a collaborative effort within the threat intelligence community to navigate the shadows of the threat landscape.

Source: SentinelOne Labs

Tags: #SandmanAPT #LuaDream #TelecomSecurity #CyberEspionage #ThreatActor #CyberSecurity #LuaJIT #SentinelLabs #APT 🌐🔐🎯

Indicators of Compromise (IoCs):

  • Domains: mode.encagil[.]com, ssl.explorecell[.]com
  • File Paths: %ProgramData%\FaxConfig, %ProgramData%\FaxLib

Author: Aleksandar Milenkoski, a seasoned threat researcher at SentinelLabs, has meticulously dissected the activities of Sandman APT, shedding light on the LuaDream backdoor. His expertise in reverse engineering and malware research is evident in the detailed analysis provided.

SentinelOne: Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit. Sophisticated threat actor deploys high-end malware utilizing the LuaJIT platform to backdoor telcos in Europe, Middle East and South Asia.