Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label GSMA. Show all posts
Malwares
CVE CVE exploits CVE vulnerability CVEs Cyber Attacks Cyber Threat Intelligence Google GSMA GTIG Hacker attack Malware Attack Malwares

Hackers Exploit End-of-Life SonicWall Devices Using Overstep Malware and Possible Zero-Day

 

Cybersecurity experts from Google’s Threat Intelligence Group (GTIG) have uncovered a series of attacks targeting outdated SonicWall Secure Mobile Access (SMA) devices, which are widely used to manage secure remote access in enterprise environments. 

These appliances, although no longer supported with updates, remain in operation at many organizations, making them attractive to cybercriminals. The hacking group behind these intrusions has been named UNC6148 by Google. Despite being end-of-life, the devices still sit on the edge of sensitive networks, and their continued use has led to increased risk exposure. 

GTIG is urging all organizations that rely on these SMA appliances to examine them for signs of compromise. They recommend that firms collect complete disk images for forensic analysis, as the attackers are believed to be using rootkit-level tools to hide their tracks, potentially tampering with system logs. Assistance from SonicWall may be necessary for acquiring these disk images from physical devices. There is currently limited clarity around the technical specifics of these breaches. 

The attackers are leveraging leaked administrator credentials to gain access, though it remains unknown how those credentials were originally obtained. It’s also unclear what software vulnerabilities are being exploited to establish deeper control. One major obstacle to understanding the attacks is a custom backdoor malware called Overstep, which is capable of selectively deleting system logs to obscure its presence and activity. 

Security researchers believe the attackers might be using a zero-day vulnerability, or possibly exploiting known flaws like CVE-2021-20038 (a memory corruption bug enabling remote code execution), CVE-2024-38475 (a path traversal issue in Apache that exposes sensitive database files), or CVE-2021-20035 and CVE-2021-20039 (authenticated RCE vulnerabilities previously seen in the wild). There’s also mention of CVE-2025-32819, which could allow credential reset attacks through file deletion. 

GTIG, along with Mandiant and SonicWall’s internal response team, has not confirmed exactly how the attackers managed to deploy a reverse shell—something that should not be technically possible under normal device configurations. This shell provides a web-based interface that facilitates the installation of Overstep and potentially gives attackers full control over the compromised appliance. 

The motivations behind these breaches are still unclear. Since Overstep deletes key logs, detecting an infection is particularly difficult. However, Google has shared indicators of compromise to help organizations determine if they have been affected. Security teams are strongly advised to investigate the presence of these indicators and consider retiring unsupported hardware from critical infrastructure as part of a proactive defense strategy.
Read more »
Telecom Firm
Cyber Crime France GSMA Online fraud Telecom Firm

French Telecom Companies Band Together to Combat Rising Fraud

 

The four leading mobile network carriers (MNOs) in France have teamed up to combat identity theft and online fraud. To help online companies fight fraud and digital identity theft, Bouygues Telecom, Free, Orange, and SFR announced on December 3 that they will introduce two network Application Programmable Interfaces (APIs) for the French market in the first half of 2025. This initiative is part of the Open Gateway system of the Global System for Mobile Communications Association (GSMA).

About GSMA

The GSMA, a trade association representing the global interests of mobile operators, was established in 1995. As of 2024, it has more than 750 members. In 2023, the GSMA launched the Open Gateway Initiative, aiming to create digital solutions that work seamlessly across devices, regardless of the nation or operator.

Since its inception, the program has onboarded 67 mobile network operators (MNOs) and 26 channel partners, representing 278 networks and covering three-quarters of global mobile connections. Developers can access these network capabilities via APIs through the CAMARA repository, an open-source initiative by the Linux Foundation.

“This aligned market launch of CAMARA APIs from France’s leading operators will make it easier to keep people safe from the growing threat of fraud. The initiative benefits businesses, mobile operators, and their customers, saving developers time, money, and effort while allowing for the quick launch of innovative new services.”

Henry Calvert, Head of Networks at the GSMA

Role of APIs in Mitigating Fraud

1. KYC Match API

Purpose: Cross-check user-provided information with verified data stored by the mobile network operator during the Know Your Customer (KYC) process.

The KYC Match API validates details such as mobile phone numbers, names, postal codes, and email addresses, without transferring any personally identifiable information (PII).

France is the first country to have all its national MNOs adopt KYC Match. Several financial institutions, including Crédit Agricole's online subsidiary BforBank and Credit Mutuel Arkéa's Fortuneo, are already utilizing this API in collaboration with DQE Software to screen new customers.

2. SIM Swap API

Purpose: Detect recent SIM card changes to prevent account takeover fraud.

This API checks if a phone number has recently had its SIM card swapped, helping financial institutions verify the relationship between a customer’s phone number and their SIM card during transactions.

Use Case: This helps prevent fraudsters from using stolen personal data and social engineering tactics to take over accounts.

“For example, at the time of a financial transaction, a financial institution can check whether the relationship between the customer’s phone number and SIM Card has been recently changed, helping them decide whether to approve the transaction or not.”

What’s Next?

Following the launch of KYC Match and SIM Swap APIs, French MNOs plan to release a third API, Number Verification, which will provide robust authentication for mobile numbers, potentially replacing SMS-based multi-factor authentication (MFA) solutions.

Key Benefits of These APIs

  • Enhanced Security: Protects users from identity theft and account takeover.
  • Operational Efficiency: Saves businesses and developers time and resources.
  • Improved Fraud Detection: Strengthens verification processes without compromising user privacy.

By adopting these APIs, French mobile carriers are setting a global benchmark for digital security and fraud prevention, making online interactions safer and more secure for businesses and consumers alike.

Read more »
Subscribe to: Posts (Atom)