TT Network, the joint mast operation of Telia Denmark and Telenor Denmark, was hit by a ransomware attack last week, as confirmed by a Telenor press release. The attackers infiltrated a single server and obtained data about 25 employees but did not gain access to the mobile network or any data about phone users.
The hackers posted a notice to the dark web on December 13 saying they had obtained all of TT Network’s “important documents”, with information about bank accounts, contracts, insurance and employees. They threatened to make the information public if TT Network did not respond within 72 hours. TT Network confirmed that data about leases and 25 employees had been transferred from the server before the attack was discovered and the hackers’ access was terminated.
No comment has been made about whether the telco made contact with the hackers but it seems that none of the documents obtained by the hackers have been published so far. There was no mention of whether the ransomware had caused disruption to systems or the corruption of any data stored on the compromised server. The 25 affected employees have been informed of the hack, along with the police and the Danish authorities responsible for cybersecurity and data protection.
This ransomware attack will gain less attention from the media because it does not threaten ordinary people in the way so many other ransomware attacks do. However, telcos cannot afford to allow sensitive information about commercial deals to be broadcast to rival businesses. These hackers appear somewhat amateurish in their approach to obtaining money, and this required them to draw attention to themselves. More sophisticated corporate spies would have simply taken the information and said nothing about it whilst hunting for ways to compromise more of their target’s systems.