'Greenbug' hacking group hits three telecom firms in Pakistan | World Defense

'Greenbug' hacking group hits three telecom firms in Pakistan

BATMAN

THINK TANK
Joined
Dec 20, 2017
Messages
1,892
Reactions
1,697 47 0
Country
Pakistan
Location
Pakistan
'Greenbug' hacking group hits three telecom firms in Pakistan

Written by Sean Lyngaas
MAY 19, 2020 | CYBERSCOOP
For the past several months, suspected Iranian hackers have been rooting around the IT systems of at least three telecommunications companies in Pakistan, accessing data servers when it suits them, according to cybersecurity company Symantec.
The report, published Tuesday, points the finger at a group called Greenbug, which used virtual “tunnels” to quietly stay connected to victim machines. The telecom data offered a trove of information to spy on targets in Pakistan, and the hackers were determined to access the companies’ networks.
“As we would close one door, they would attempt to come back through another,” said Jon DiMaggio, senior cyberthreat analyst at the Symantec Enterprise Division, recalling Greenbug’s drive to stay on the Pakistani telecom companies’ networks after being discovered.
Analysts told CyberScoop that the report is another example of the challenges some telecom providers have in keeping spies out of their networks. Eighteen different hacking groups linked to various governments went after telecom companies in 2019, according to Symantec. Other analysts have reported similarly rampant activity. In one case, suspected Chinese spies breached about 10 cellular providers in Africa, Europe, the Middle East and Asia.
While U.S. telecom giants like AT&T and Verizon can invest heavily in countering such hacking threats, not all telecom providers around the world have the same resources. Some are adequately trained and resourced to repel attacks, while others are easier targets, said Adam Meyers, CrowdStrike’s vice president of intelligence.
If cyber-espionage groups do manage to burrow into a telecom network undetected, Myers added, “then you have lots of different targets you can collect on. It’s more bang for their buck.”
Hackers associated with the Iranian government are perhaps best known for data-destroying attacks like the 2012 assault against oil giant Saudi Aramco, which damaged tens of thousands of computers. But groups like Greenbug have made a living in quietly infiltrating telecom firms in the Middle East and South Asia. And they’re not the only hacking team linked with Tehran to do so.
“It’s likely a high priority intelligence requirement for several teams to target telcos in the Middle East given the value of the data and the country’s national security objectives,” said Saher Naumaan, a senior threat intelligence analyst at BAE Systems focused on Iran-linked groups.
The spying has gone beyond traditional phone companies to include managed service providers, the remote networking vendors that so many companies around the world rely on. Another suspected Iranian espionage group, Tortoiseshell, targeted several IT providers with clients in Saudi Arabia last year.
As the cat-and-mouse games between spies and telecom firms continue, researchers hope to catch the hackers more quickly after they compromise networks. They have their work cut out for them. The amount of intelligence targets that rely on a given telecom network — whether dissidents or foreign diplomats — means those networks will continue be in the crosshairs, Meyers said.
 

Khafee

Administrator
Staff member
Joined
Nov 17, 2017
Messages
12,324
Reactions
24,463 1,293 0
'Greenbug' hacking group hits three telecom firms in Pakistan

Written by Sean Lyngaas
MAY 19, 2020 | CYBERSCOOP
For the past several months, suspected Iranian hackers have been rooting around the IT systems of at least three telecommunications companies in Pakistan, accessing data servers when it suits them, according to cybersecurity company Symantec.
The report, published Tuesday, points the finger at a group called Greenbug, which used virtual “tunnels” to quietly stay connected to victim machines. The telecom data offered a trove of information to spy on targets in Pakistan, and the hackers were determined to access the companies’ networks.
“As we would close one door, they would attempt to come back through another,” said Jon DiMaggio, senior cyberthreat analyst at the Symantec Enterprise Division, recalling Greenbug’s drive to stay on the Pakistani telecom companies’ networks after being discovered.
Analysts told CyberScoop that the report is another example of the challenges some telecom providers have in keeping spies out of their networks. Eighteen different hacking groups linked to various governments went after telecom companies in 2019, according to Symantec. Other analysts have reported similarly rampant activity. In one case, suspected Chinese spies breached about 10 cellular providers in Africa, Europe, the Middle East and Asia.
While U.S. telecom giants like AT&T and Verizon can invest heavily in countering such hacking threats, not all telecom providers around the world have the same resources. Some are adequately trained and resourced to repel attacks, while others are easier targets, said Adam Meyers, CrowdStrike’s vice president of intelligence.
If cyber-espionage groups do manage to burrow into a telecom network undetected, Myers added, “then you have lots of different targets you can collect on. It’s more bang for their buck.”
Hackers associated with the Iranian government are perhaps best known for data-destroying attacks like the 2012 assault against oil giant Saudi Aramco, which damaged tens of thousands of computers. But groups like Greenbug have made a living in quietly infiltrating telecom firms in the Middle East and South Asia. And they’re not the only hacking team linked with Tehran to do so.
“It’s likely a high priority intelligence requirement for several teams to target telcos in the Middle East given the value of the data and the country’s national security objectives,” said Saher Naumaan, a senior threat intelligence analyst at BAE Systems focused on Iran-linked groups.
The spying has gone beyond traditional phone companies to include managed service providers, the remote networking vendors that so many companies around the world rely on. Another suspected Iranian espionage group, Tortoiseshell, targeted several IT providers with clients in Saudi Arabia last year.
As the cat-and-mouse games between spies and telecom firms continue, researchers hope to catch the hackers more quickly after they compromise networks. They have their work cut out for them. The amount of intelligence targets that rely on a given telecom network — whether dissidents or foreign diplomats — means those networks will continue be in the crosshairs, Meyers said.
Any idea which 3?
 

BATMAN

THINK TANK
Joined
Dec 20, 2017
Messages
1,892
Reactions
1,697 47 0
Country
Pakistan
Location
Pakistan
Reports says 3 major telecom firms.
It's being reported on international media and than later picked up by local social media, whereas sold out of Imran Khan is totally quite on it.
No tweets, no foreign office statements... clearly reflects Pakistan is in hands of Iranian puppies.
 

Khafee

Administrator
Staff member
Joined
Nov 17, 2017
Messages
12,324
Reactions
24,463 1,293 0
Reports says 3 major telecom firms.
It's being reported on international media and than later picked up by local social media, whereas sold out of Imran Khan is totally quite on it.
No tweets, no foreign office statements... clearly reflects Pakistan is in hands of Iranian puppies.
Ik & SMH's tilt towards Iran is rather disappointing, lets see how long it lasts.
 

BATMAN

THINK TANK
Joined
Dec 20, 2017
Messages
1,892
Reactions
1,697 47 0
Country
Pakistan
Location
Pakistan
Ik & SMH's tilt towards Iran is rather disappointing, lets see how long it lasts.

Having tilt is another thing, and talking the language of Mulla of Iran is another thing.
Being PM of Pakistan he's addressing Khamenai as supreme leader is insult of all Pakistan, may be not all.....
I still wonder, what was his reason for Iranian tour and what he achieved there for Pakistan?
This gang was totally exposed when they kept Taftan border open for months, while Iran was exploding with COVID.
Now the other aspect is behavior of this person, while being in OIC or in presence of Arab leadership.
In his speeches, he's full of criticism of Arab world but when he's in Iran he has nothing but to worship their graves and blame Pakistan and now this!
 
Top