20.5k unique visitors in the last 3 days

Ransomware Attack on Danish Telco

Hackers gained access to commercial information stored on a server belonging to TT Network, the joint mast operation of Telia Denmark and Telenor Denmark.

TT Network, the joint mast operation of Telia Denmark and Telenor Denmark, was hit by a ransomware attack last week, as confirmed by a Telenor press release. The attackers infiltrated a single server and obtained data about 25 employees but did not gain access to the mobile network or any data about phone users.

The hackers posted a notice to the dark web on December 13 saying they had obtained all of TT Network’s “important documents”, with information about bank accounts, contracts, insurance and employees. They threatened to make the information public if TT Network did not respond within 72 hours. TT Network confirmed that data about leases and 25 employees had been transferred from the server before the attack was discovered and the hackers’ access was terminated.

No comment has been made about whether the telco made contact with the hackers but it seems that none of the documents obtained by the hackers have been published so far. There was no mention of whether the ransomware had caused disruption to systems or the corruption of any data stored on the compromised server. The 25 affected employees have been informed of the hack, along with the police and the Danish authorities responsible for cybersecurity and data protection.

This ransomware attack will gain less attention from the media because it does not threaten ordinary people in the way so many other ransomware attacks do. However, telcos cannot afford to allow sensitive information about commercial deals to be broadcast to rival businesses. These hackers appear somewhat amateurish in their approach to obtaining money, and this required them to draw attention to themselves. More sophisticated corporate spies would have simply taken the information and said nothing about it whilst hunting for ways to compromise more of their target’s systems.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email