20.5k unique visitors in the last 3 days

Ukraine Says 11 Telcos Were Compromised by Hackers

Attacks were conducted by Sandworm, a Russian military unit that has targeted France and South Korea and repeatedly attempted to cause blackouts in Ukraine.

The Computer Emergency Response Team of Ukraine (CERT-UA) has published a description of attacks against telcos by Russian state-sponsored hackers. At least 11 telcos were affected since May, and the impact includes interruptions of service for customers. This information was shared to encourage Ukrainian telcos to harden their security.

The methods used by the hackers begin with obtaining a general overview of their target by scanning subnetworks using a common set of network ports and the Masscan utility. More specialized software is then used to probe web applications such as billing, customer care systems, and websites.

Backdoors are installed and are used over time to gather the authentication credentials of administrators. This information is then used to gain access to more servers and network equipment. The final stage of an attack concentrates on disabling active network equipment and data storage systems. Backup copies of system configurations are deleted in order to delay the restoration of services.

The affected telcos were not named but CERT-UA did identify the attackers as UAC-0165, a Russian outfit that is also known as ‘Sandworm’. Sandworm is operated by Military Unit 74455, part of the foreign intelligence service of Russia’s armed forces. They have been associated with numerous attacks over their history, including interference in French elections in 2017 and the opening ceremony of the 2018 Winter Olympic Games in South Korea. Previous Sandworm attacks on Ukraine include repeated attempts to bring down electricity grids and other utilities.

The CERT-UA bulletin with specific details about the code used by Sandworm is found here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email