#telecom-security — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #telecom-security, aggregated by home.social.
-
The FCC wants United States citizens to provide a valid ID to get a phone number.
I am providing multiple links to tell the whole story.
https://www.sgtreport.com/2026/05/the-fcc-wants-your-id-before-you-get-a-phone-number/
https://docs.fcc.gov/public/attachments/FCC-26-27A1.pdf
https://www.ecomm-alliance.org/blog/a-new-era-for-caller-id-and-consent/
#telecommunicationsindustry
#telecommunications
#TelecomInfrastructure
#telecomsecurity
#TelecommunicationsServicesIndustry
#knowyourcustomer
#fcc #fccpolicy #fccchairbrendancarr
#fccthreat -
Citizen Lab exposes global telecom exploitation: multi-vector signalling & SIM-based tracking, operator infrastructure abused across 20+ countries; persistent campaigns reveal weak intercarrier OPSEC and urgent need for accountability. Read: https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/ 🔍📡 #Surveillance #TelecomSecurity
#Privacy #Security -
Odido confirms major breach:
• 688,102 accounts added to HIBP
• ~6M records potentially exposed
• ShinyHunters claims responsibility
• Ransom refused — data leaked in stages
Sensitive financial & identity data compromised.
Full details:
https://www.technadu.com/odido-data-breach-exposes-almost-690000-telecom-customer-accounts/621284/ -
UNC3886 leveraged ORB infrastructure for stealthy telecom targeting.
Per Cyber Security Agency of Singapore:
• Zero-day firewall compromise
• Rootkit persistence mechanisms
• GOBRAT & TINYSHELL C2 nodes
• ORB-tagged IP clustering in Singapore ASNs
• NetFlow-confirmed router-to-ORB communications
• Pre-positioned reconnaissance
Attribution aligned with assessments from Mandiant linking activity to China-sponsored espionage.
ORB networks blur the line between botnets and residential proxy ecosystems, increasing attribution friction and collateral risk.
Defensive priorities:
• Threat intel enrichment
• Edge device patch enforcement
• ASN anomaly detection
• Zero-trust segmentation
• IoT telemetry visibility
How mature are ORB detection capabilities in your SOC?
Engage below.
Source: https://cyberpress.org/orb-networks-masks-attacks/
Follow @technadu for advanced threat analysis.
#ThreatIntel #UNC3886 #ORBNetworks #IoTSecurity #ZeroDay #C2Infrastructure #NetFlow #TelecomSecurity #BlueTeam #ThreatHunting #APTActivity #CyberOperations #Infosec
-
UNC3886 targeted Singapore’s telecom infrastructure, impacting Singtel, StarHub, M1 & Simba.
Limited access, small technical data exfiltration, no customer data exposed.
What lessons should telecoms take from this?
-
Reporting indicates a prolonged telecom-focused intrusion campaign may have affected mobile communications of UK government aides, with attribution linked by U.S. sources to Salt Typhoon.
The case reinforces concerns around persistent access, metadata exposure, and call interception - particularly where legacy telecom systems intersect with modern threat actors.
From a defensive standpoint, where should governments prioritize: network hardening, endpoint security, or telecom architecture redesign?
Source: https://cybernews.com/cyber-war/salt-typhoon-hacked-phones-british-prime-ministers/
Join the discussion and follow @technadu for responsible threat reporting.
#ThreatIntelligence #TelecomSecurity #CyberEspionage #InfoSec #TechNadu
-
Brightspeed has acknowledged an ongoing investigation into alleged unauthorized access following claims made by a known threat group.
The case underscores the importance of evidence validation, controlled disclosures, and coordinated response when dealing with public claims of data exfiltration - especially in large telecom environments.
What best practices should guide organizations during claim-driven incident response?
Contribute your perspective and follow @technadu for objective infosec coverage.
#IncidentResponse #ThreatIntel #TelecomSecurity #CyberInvestigations #Infosec #DataProtection
-
KT femtocell security failures allowed device cloning, SMS interception, and $169K in fraud. South Korean police arrested 5 suspects; more warrants issued.
-
Two former Cisco Networking Academy students have been linked to the Salt Typhoon campaign, which has compromised 80+ global telecom providers. Investigators say the attackers used technical skills learned directly from Cisco’s curriculum to target IOS and ASA devices.
This case reignites debate over whether corporate training programs in politically tense regions may inadvertently strengthen future threat actors.
Source: https://cybersecuritynews.com/chinese-hackers-attacking-cisco-devices/
Curious how the community views this risk.
Follow TechNadu for more verified cybersecurity reporting.
#CyberSecurity #Infosec #CiscoSecurity #ThreatIntel #SaltTyphoon #TelecomSecurity #SecurityResearch
-
DoT has clarified that the Telecom Cyber Security (TCS) Amendment Rules 2025 remain active, despite a duplicate Gazette publication being withdrawn.
The updates introduce MNV-based identity validation, enhanced IMEI verification for resold devices, and tighter coordination with TIUEs handling telecom identifiers - all with data-protection guardrails.
Thoughts from the security community on the practical impact?
Follow @technadu for more vendor-neutral policy and infosec reporting.
#infosec #cybersecurity #telecomsecurity #DoT #DigitalIndia #fraudprevention #policy
-
The FCC has reversed a telecom security measure originally introduced after the Salt Typhoon intrusions.
Supporters cite authority and flexibility concerns; critics warn the shift may weaken protections around lawful intercept systems - longstanding targets of sophisticated threat actors.
💬 Thoughts on whether CALEA needs a modernized, standards-based framework?
👍 Follow @technadu for more infosec insights.
#Infosec #FCC #TelecomSecurity #CALEA #SaltTyphoon #Cybersecurity #CriticalInfrastructure #ThreatIntel #DigitalSafety
-
Ribbon Communications was breached by nation-state hackers who lurked undetected for months—revealing just how deep and stealthy modern cyber espionage can be. How vulnerable is our digital infrastructure?
#nationstateattack
#cyberespionage
#telecomsecurity
#cyberthreats
#ribboncommunications -
📞 Caller ID spoofing is now industrialized.
Europol urges a unified European framework to stop “spoofing-as-a-service” kits enabling large-scale impersonation scams. Losses exceed €850M annually, with law enforcement calling for cross-border cooperation and technical standards to trace calls.
Can telecoms realistically close this gap - or do we need new protocols at the network level?
💬 Share your take & follow @technadu for more global cyber policy coverage.
#CyberSecurity #Europol #CallerIDSpoofing #TelecomSecurity #ThreatIntelligence #NetworkDefense #CyberPolicy #InfoSec
-
A global scam network renting out tens of thousands of phone numbers—Europol’s SIMCARTEL bust uncovered glaring telecom vulnerabilities and sparked international teamwork against cybercrime. How will this change our digital world?
#cybercrime
#europol
#telecomsecurity
#publicprivatepartnership
#infosec
#simbox
#cybersecurity
#lawenforcement
#forensicanalysis -
Orange Belgium’s cyberattack hit 850,000 accounts and exposed SIM unlock codes—an alarming wake-up call for telecom security. Think your phone data is safe? Discover the full story.
https://thedefendopsdiaries.com/orange-belgium-cyberattack-a-wake-up-call-for-telecom-security/
#cybersecurity
#telecomsecurity
#databreach
#orangecyberattack
#infosectrends -
Weekly output: Ford’s EV strategy, Open RAN security risks, Waymo + Spotify
After a week and a half on the West Coast that began with Black Hat, I can now turn my attention to catching up on the talks I had to skip at that conference, since on-demand video is now available for all but a handful of its sessions. Video of some DEF CON talks is also now starting to pop up, and I’m looking forward in particular to seeing the Voting Village talks that I missed because I bugged out of Vegas Friday afternoon of that week.
Patreon readers got a recap of Black Hat that included some observations about Washington’s wilted presence at this security conference and the generally skeptical take of conference speakers on AI hype.
8/11/2025: Ford Announces $5B Plan to Make EVs Cheaper, Starting With $30,000 Pickup, PCMag
With PCMag’s automotive writer traveling, I stepped in to write this breakdown of the automaker’s ambitious plan to reinvent electric-vehicle production. I hope Ford can deliver on this, and I hope the coming family of cheaper EVs will include a four-door hatchback (even if they call it an SUV or a crossover because it’s a little taller than a sedan).
8/14/2025: Researchers recap some security downsides to open RAN, Light Reading
This Black Hat briefing on Thursday of the previous week about possible vulnerabilities in Open RAN (Radio Access Network) sites went much deeper in the weeds than I usually get when covering telecom infrastructure. So I took an extra couple of days to look over the presentation again, read the reports linked to from it, listen again to my recording of the session, and briefly quiz researchers Tianchang Yang and Kai Tu over e-mail. And then I somehow typed two numbers wrong in the same graf, both of which I’d had correct in my notes. Fortunately, my editor quickly fixed those flubs after Yang brought them to my attention.
8/16/2025: Waymo Picks Up Spotify: Cue Up Personal Playlists on Robotaxi Rides, PCMag
I found out about this change to the Waymo ride experience not from one of that Alphabet subsidiary’s social-media posts, a note from any of its publicists, or an announcement on its site, but from an e-mail I got as a Waymo customer Friday morning. I felt a little bad learning that Waymo had posted this news on four different social platforms Tuesday, but then I realized that earlier news coverage had not mentioned Waymo’s removal of online documentation about an older, jankier way to play music from your phone through a Waymo robotaxi’s speakers.
#5G #BlackHat #correction #electricCars #electricVehicles #EVs #Ford #OpenRAN #robotaxi #Spotify #streamingMusic #telecomSecurity #Waymo
-
Vodafone just got hit with a €51M fine over bogus contracts by shady partner agencies. How deep do these security breaches really go—and what does it mean for your data?
https://thedefendopsdiaries.com/vodafone-fined-for-data-breaches-a-wake-up-call-for-telecoms/
#vodafone
#databreach
#telecomsecurity
#gdprcompliance
#cybersecurity -
SK Telecom fell victim to a silent three-year cyberattack that exposed millions of users—thanks to a single web shell. How did such a massive breach slip by for so long, and what does it mean for our data security?
#sktelecombreach
#cybersecurity
#databreach
#infosec
#telecomsecurity -
O2 UK's VoLTE and WiFi Calling security breach could let hackers intercept your call data and track your location. How safe are your conversations? Dive into the details now.
#volte
#wifi-calling
#telecomsecurity
#encryptionflaw
#userprivacy -
The FBI is sounding the alarm: state-backed hackers are using custom malware and zero-day exploits to slip past telecom defenses. How are these tactics evading detection, and what does it mean for our security? Read more.
https://thedefendopsdiaries.com/unmasking-salt-typhoon-the-cyber-threat-to-telecom-networks/
-
What if hackers could track your team’s movements, calls, and even financial activity—without ever breaching your network?
In this clip from our latest episode of Cyberside Chats, LMG’s @sherridavidoff and @MDurrin reveal how nation-state actors are using telecom metadata to launch targeted attacks—and what IT leaders can do about it.
Watch the full video to discover key prevention tactics, including stronger authentication for financial transactions, identifying spoofed calls and texts, and securing third-party telecom providers.
📺 Watch the full episode: https://youtu.be/Lyiwx6upd8E
🎧 Listen to the podcast: https://www.chatcyberside.com/e/the-title-of-cschats_11_-_ep_11_-_03_07_25_final_v2_mp3abb2v/?token=36d8802181f520acca954d7188659807
#Cybersecurity #TelecomSecurity #Metadata #Spoofing #LMGSecurity #CybersideChats #Infosec #NationStateThreats #SecurityAwareness #CISO #hacker #infosec #security #riskmanagement
-
US Senate seeks clarification from AT&T over ‘easily preventable’ data breach
https://stackdiary.com/us-senate-seeks-clarification-from-att-over-easily-preventable-data-breach/
#ATT #DataBreach #Cybersecurity #Hacking #Privacy #Security #Snowflake #Ransom #Bitcoin #Cybercrime #Telecom #SensitiveData #USSenate #CustomerData #DataProtection #Encryption #Malware #TwoFactorAuthentication #Hackers #CloudStorage #IdentityTheft #Breach #TechNews #Metadata #DigitalSecurity #TelecomSecurity #DataLeak #FBI #DOJ #Blockchain #Infosec
-
Hackers Using VPNs To Exploit Restrictions & Steal Mobile Data https://gbhackers.com/hackers-vpns-exploit-restrictions-steal-data/ #CyberSecurityNews #TelecomSecurity #cybersecurity #VPNExploits #DataTheft #vpn
-
RT by @enisa_eu: Erka Koivunen, CISO at Finavia - speaks about the evolution of crypto, at the ENISA Telecom security forum, here in Helsinki: "We are now in the golden age of encrypted communications." #telecomsecurity #cybersecurity @ekoivune @enisa_eu
[2024-05-15 07:10 UTC]
-
Today the 13th edition of GISEC GLOBAL, the Middle East and Africa’s largest cybersecurity event, gets underway. 🛡 🤝 Join us there with other industry leaders, startups, and experts to drive innovation in cybersecurity.
#GISECGLOBAL #CybersecurityEvent #GISEC2024 #DubaiCybersecurity #MEAcybersecurity #CyberInnovation #CyberTechExpo #CISOsUnite #CyberSecLeaders #BFSIcyber #OilGasCyber #TelecomSecurity #DefenceCyber #CyberCompetitions #HackDemonstrations #CyberInsights
https://www.relianoid.com/about-us/events/gisec-global-dubai-2024/
-
🚀 5G Security - discover pySCASso: a Python framework for automating GSMA NESAS SCAS tests! Developed by the BSI team as a blueprint and example, it invites you to browse, take inspiration, and collaborate. Platform-independent - product-agnostic test implementation - minimally invasive. Visit our project on GitHub to learn more and contribute: https://github.com/BSI-Bund/pySCASso #pySCASso #TelecomSecurity
-
"🔍 Unveiling Sandman APT: The Silent Menace Targeting Global Telcos 🎯"
SentinelLabs has unearthed a new threat actor dubbed Sandman APT, primarily targeting telecommunication providers across the Middle East, Western Europe, and South Asia. This enigmatic group employs a novel modular backdoor named LuaDream, utilizing the LuaJIT platform, a rarity in the threat landscape. The meticulous movements and minimal engagements hint at a strategic approach to minimize detection risks. The LuaDream malware, a well-orchestrated and actively developed project, is designed for system and user info exfiltration, paving the way for precision attacks. The intriguing part? The attribution remains elusive, hinting at a private contractor or a mercenary group akin to Metador. The activities observed are espionage-driven, with a pronounced focus on telcos due to the sensitive data they harbor. The meticulous design of LuaDream showcases the continuous innovation in the cyber espionage realm, urging for a collaborative effort within the threat intelligence community to navigate the shadows of the threat landscape.
Source: SentinelOne Labs
Tags: #SandmanAPT #LuaDream #TelecomSecurity #CyberEspionage #ThreatActor #CyberSecurity #LuaJIT #SentinelLabs #APT 🌐🔐🎯
Indicators of Compromise (IoCs):
- Domains: mode.encagil[.]com, ssl.explorecell[.]com
- File Paths: %ProgramData%\FaxConfig, %ProgramData%\FaxLib
Author: Aleksandar Milenkoski, a seasoned threat researcher at SentinelLabs, has meticulously dissected the activities of Sandman APT, shedding light on the LuaDream backdoor. His expertise in reverse engineering and malware research is evident in the detailed analysis provided.
-
RT @marnixdekker: We kicked off the #ENISA Telecom security forum here in Lisbon - Trey Guinn @Cloudflare Field CTO, with a great talk about what is needed to have a secure global internet @treyguinn @enisa_eu #cybersecurity #telecomsecurity https://t.co/BvCQ8O6smK
🐦🔗: https://n.respublicae.eu/enisa_eu/status/1661323009674625029
-