Cyber Risk in the Telecommunications Sector
Understand more about cyber risk in this sector.
Threat Reports
Publicly available threat reporting on cyber attacks against Telecommunications.
Cloaked and Covert: Uncovering UNC3886 Espionage Operations
This article by researchers from Google's Mandiant outlines intrusion activity by UNC3886, a suspected China-nexus cyber espionage group. The ...
APT45: North Korea’s Digital Military Machine
This report from threat intelligence analysts at Google's Mandiant marks the graduation of this cyber actor to a fully designated APT - APT45. The ...
ANALYSIS OF THE APT31 INDICTMENT
Blog post providing analysis of a March 2024 US Department of Justice indictment of 7 hackers associated with APT31. The post details attribution ...
APT41 (Double Dragon): A Dual Espionage and Cyber Crime Operation
This 2022 report by researchers at FireEye threat intelligence outlines the intrusion set they designate as APT41. They describe the group as 'a ...
Unveiling TeleBoyi: Chinese APT Group Targeting Critical Infrastructure Worldwide
This presentation from TeamT5 describes the intrusion set they refer to as TeleBoyi and was presented at JPCERT's JSAC2024 conference on January ...
The Operations of Winnti group
This report from researchers at NTT describes activity which they attribute to the Winnti Group (which they refer to as ENT-1) and identify overlaps ...
AcidPour - New Embedded Wiper Variant of AcidRain Appears in Ukraine
This blog post by researchers at SentinelLabs describes a new variant of the AcidRain malware which they call AcidPour. The report includes ...
People's Republic of China-Linked Cyber Actors Hide in Router Firmware
This Cybersecurity Advisory from CISA and partners details activities of the People's Republic of China (PRC)-linked cyber actors known as ...
GhostSec’s joint ransomware operation and evolution of their arsenal
This Threat Spotlight from Cisco Talos describes the evolution of GhostSec's ransomware operations including their work with the Stormous ...
I-Soon leak: KELA’s insights
This blog post outlines KELA's analysis of the 2024 I-Soon data leak. According to the article, I-Soon had relationships with Chinese governmental ...
RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale
This report from Recorded Future's Insikt Group outlines activity by the RedHotel intrusion set. RedHotel is identified as a prominent Chinese ...
Winter Vivern: Uncovering a Wave of Global Espionage
SentinelLabs conducted an investigation into the Winter Vivern Advanced Persistent Threat (APT) group, in part leveraging observations made by The ...
VOLTZITE Espionage Operations Targeting U.S. Critical Systems
This report details activity related to the VOLTZITE intrusion set as observed by Dragos. The report identifies sectors and geographies targeted ...
Putter Panda Intelligence Report
This intelligence report published by CrowdStrike outlines cyber espionage activity against Western companies which they attribute to Putter ...
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
Following an initial advisory issued in May 2023, this advisory from CISA, NSA and partners outlines information on the broader campaign of cyber ...
APT1: Exposing One of China's Cyber Espionage Units
The APT1 report represents years of work by Mandiant, who analysed data across hundreds of breaches globally. The report identifies APT1 as a ...
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use against Telecommunications.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1014 | Rootkit | Defense Evasion |
T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
T1003 | OS Credential Dumping | Credential Access |
T1071 | Application Layer Protocol | Command and Control |
T1036 | Masquerading | Defense Evasion |
T1598.003 | Spearphishing Link | Reconnaissance |
T1070.006 | Timestomp | Defense Evasion |
T1601.001 | Patch System Image | Defense Evasion |
T1199 | Trusted Relationship | Initial Access |
T1021.004 | SSH | Lateral Movement |
T1071.002 | File Transfer Protocols | Command and Control |
T1542.004 | ROMMONkit | Defense Evasion, Persistence |
T1021.001 | Remote Desktop Protocol | Lateral Movement |
T1588.003 | Code Signing Certificates | Resource Development |
T1090 | Proxy | Command and Control |
T1562 | Impair Defenses | Defense Evasion |
T1562.003 | Impair Command History Logging | Defense Evasion |
T1112 | Modify Registry | Defense Evasion |
T1205 | Traffic Signaling | Command and Control, Defense Evasion, Persistence |
T1486 | Data Encrypted for Impact | Impact |
T1204 | User Execution | Execution |
T1569.002 | Service Execution | Execution |
T1560 | Archive Collected Data | Collection |
T1543 | Create or Modify System Process | Persistence, Privilege Escalation |
T1140 | Deobfuscate/Decode Files or Information | Defense Evasion |
T1010 | Application Window Discovery | Discovery |
T1059 | Command and Scripting Interpreter | Execution |
T1090.001 | Internal Proxy | Command and Control |
T1564.001 | Hidden Files and Directories | Defense Evasion |
T1027 | Obfuscated Files or Information | Defense Evasion |
T1106 | Native API | Execution |
T1202 | Indirect Command Execution | Defense Evasion |
T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
T1021 | Remote Services | Lateral Movement |
T1074 | Data Staged | Collection |
T1561 | Disk Wipe | Impact |
T1578 | Modify Cloud Compute Infrastructure | Defense Evasion |
T1129 | Shared Modules | Execution |
T1485 | Data Destruction | Impact |
T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1547.001 | Registry Run Keys / Startup Folder | Persistence, Privilege Escalation |
T1095 | Non-Application Layer Protocol | Command and Control |
T1584.004 | Server | Resource Development |
T1553.002 | Code Signing | Defense Evasion |
T1190 | Exploit Public-Facing Application | Initial Access |
T1071.001 | Web Protocols | Command and Control |
T1595.002 | Vulnerability Scanning | Reconnaissance |
T1090.002 | External Proxy | Command and Control |
T1041 | Exfiltration Over C2 Channel | Exfiltration |
T1566.001 | Spearphishing Attachment | Initial Access |
T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
T1505.003 | Web Shell | Persistence |
T1583.003 | Virtual Private Server | Resource Development |
T1583.001 | Domains | Resource Development |
T1036.005 | Match Legitimate Name or Location | Defense Evasion |
T1574.001 | DLL Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
T1592 | Gather Victim Host Information | Reconnaissance |
T1090.003 | Multi-hop Proxy | Command and Control |
T1105 | Ingress Tool Transfer | Command and Control |
T1573 | Encrypted Channel | Command and Control |
T1113 | Screen Capture | Collection |
T1560.001 | Archive via Utility | Collection |
T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1550 | Use Alternate Authentication Material | Defense Evasion, Lateral Movement |
T1021.007 | Cloud Services | Lateral Movement |
T1563 | Remote Service Session Hijacking | Lateral Movement |
T1124 | System Time Discovery | Discovery |
T1007 | System Service Discovery | Discovery |
T1033 | System Owner/User Discovery | Discovery |
T1016.001 | Internet Connection Discovery | Discovery |
T1614 | System Location Discovery | Discovery |
T1082 | System Information Discovery | Discovery |
T1518 | Software Discovery | Discovery |
T1012 | Query Registry | Discovery |
T1057 | Process Discovery | Discovery |
T1069 | Permission Groups Discovery | Discovery |
T1120 | Peripheral Device Discovery | Discovery |
T1046 | Network Service Discovery | Discovery |
T1654 | Log Enumeration | Discovery |
T1083 | File and Directory Discovery | Discovery |
T1217 | Browser Information Discovery | Discovery |
T1087.001 | Local Account | Discovery |
T1552.004 | Private Keys | Credential Access |
T1552 | Unsecured Credentials | Credential Access |
T1003.003 | NTDS | Credential Access |
T1003.001 | LSASS Memory | Credential Access |
T1555.003 | Credentials from Web Browsers | Credential Access |
T1555 | Credentials from Password Stores | Credential Access |
T1110.002 | Password Cracking | Credential Access |
T1218 | System Binary Proxy Execution | Defense Evasion |
T1027.002 | Software Packing | Defense Evasion |
T1070.004 | File Deletion | Defense Evasion |
T1070.001 | Clear Windows Event Logs | Defense Evasion |
T1070.009 | Clear Persistence | Defense Evasion |
T1006 | Direct Volume Access | Defense Evasion |
T1047 | Windows Management Instrumentation | Execution |
T1059.004 | Unix Shell | Execution |
T1059.001 | PowerShell | Execution |
T1133 | External Remote Services | Initial Access, Persistence |
T1588.005 | Exploits | Resource Development |
T1587.004 | Exploits | Resource Development |
T1584.005 | Botnet | Resource Development |
T1594 | Search Victim-Owned Websites | Reconnaissance |
T1593 | Search Open Websites/Domains | Reconnaissance |
T1591 | Gather Victim Org Information | Reconnaissance |
T1590 | Gather Victim Network Information | Reconnaissance |
T1589.002 | Email Addresses | Reconnaissance |
T1589 | Gather Victim Identity Information | Reconnaissance |