GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks

Threat hunters have discovered a new Linux malware called GTPDOOR that's designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges GRX The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol GTP for command-and-control C2 communications. GPRS...

A new rootkit comes to an ATM near you

Its not unusual to hear about malware created to affect automated teller machines ATMs. Malware can be planted at the ATMs PC or its network, or attackers could launch a Man-in-the-Middle MiTM attack. Recently, a new rootkit, which the Mandiant Advanced Practices team have named CAKETAP, was foun...

Nation-State Attacker of Telecommunications Networks

Someone has been hacking telecommunications networks around the world: LightBasin aka UNC1945 is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications...

LightBasin Hackers Breach at Least 13 Telecom Service Providers Since 2019

A highly sophisticated adversary named LightBasin has been identified as behind a string of attacks targeting the telecom sector with the goal of collecting "highly specific information" from mobile communication infrastructure, such as subscriber information and call metadata. "The nature of the...