Vodafone Investigates Source Code Theft Claims

Vodafone launched an inquiry after a group of hackers claimed that they stole a hundred GB of source code from the telecom company. The cybercrime group calls itself 'Lapsus$' and claims to have obtained around 200 GB of source code files, representing around 5,000 GitHub repositories. In an emailed statement, Vodafone confirmed that it is aware of the situation and that an investigation has been started.

The company said that it is currently looking into the claim with law enforcement agencies to verify its credibility. In general, however, the types of repositories referenced in the claim contain proprietary source code and don't contain customer data.

As of now, the hackers have not exposed any of the Vodafone source code they claim to have stolen. However, they are asking the tens of thousands of users subscribed to their Telegram channel to vote on what to leak next: data from Vodafone, e-commerce company MercadoLibre, or Portuguese media company Impresa. The poll ends on March 13. The attack on Impresa resulted in disruption, and MercadoLibre confirmed in an SEC filing that source code and 300,000 users' data were leaked.

Last month, Vodafone Portugal blamed service problems on a 'malicious cyberattack'; however, it's not clear if the cases are linked. The Lapsus$ group has also leaked source code and other information from NVIDIA and Samsung.

NVIDIA confirmed that hackers stole employee credentials and signature certificates. Threat actors stole 190 GB of data from Samsung, which confirmed the theft of source code linked to Galaxy devices; however, it said that employee and customer data wasn't compromised.

The hackers are looking to obtain large ransom payments from affected companies in exchange for not publishing the stolen data. In NVIDIA's case, the threat actors asked the company to open-source its drivers and delete a feature that restricts Ethereum mining capabilities in a few of its graphics cards.

"The hackers gained access to the company’s Amazon Web Services account and sent emails and text messages to subscribers, the statement said. The hackers accessed some subscriber information, but Impresa said it had no evidence they got hold of subscribers’ passwords or credit card details," says Security Week.

Vodafone Portugal Services were Disrupted due to a Cyberattack


Vodafone was the target of a network disruption that began on the night of February 7, 2022, as a result of an intentional and malicious cyberattack targeted at inflicting damage and disruption. As soon as the first indication of a network issue was noticed, Vodafone responded quickly to identify, contain, and restore services. This situation is affecting the provision of services based on data networks, such as 4G/5G networks, fixed voice, television, SMS, and voice/digital answering services. 

"We have already recovered mobile voice services and mobile data services are available exclusively on the 3G network almost throughout the country but, unfortunately, the size and severity of the criminal act to which we have been subjected implies for all other services a careful and prolonged recovery work involving multiple national, international teams and external partners," the company said in a statement. 

According to Vodafone Portugal CEO Mário Vaz, the attack affected millions of people, businesses, and public services such as ambulance services, fire departments, and hospitals. He stated that emergency services were prioritized in efforts to restore communications. He told reporters that whoever was behind the incident had not demanded a ransom. 

"The attack sought to make (Vodafone Portugal) inoperative," he said. He refused to go into detail about the company's and police's inquiry. According to the company, it delivers fiber services to 3.4 million Portuguese homes and businesses, and it has 4.7 million cellphone clients.

Vodafone said it is attempting to restore the remaining services with the assistance of local and international teams in what is presently the company's largest cybersecurity incident. The company also stated that it is cooperating with authorities to investigate the issue and that, based on existing evidence, no customer data appears to have been accessed or compromised. Despite the existence of various claims on the internet, Vodafone Portugal has not linked the ongoing situation to a ransomware attack. 

These rumors are currently making the rounds on the internet after a ransomware gang extorted Impresa and Cofina, two of Portugal's leading news media sites, over the past month. The Lapsus$ ransomware group, which was responsible for the two attacks, has not claimed responsibility for the Vodafone Portugal outage on any of its online accounts. 

When contacted through LinkedIn, a Vodafone Portugal employee stated that they were only aware of the technical disruption and were unaware of the company's press statement attributing the outage to a hack.

Flubot can Spy on Phones and can Gather Online Banking Details


Experts cautioned that a text message scam infecting Android phones is expanding across the UK. The message, which appears to be from a parcel delivery company and instructs users to download a tracking program, actually delivers a malicious piece of spyware. Flubot can take over smartphones and spy on them in order to collect sensitive data, such as online banking information. Vodafone, the network provider, said that millions of text messages had now been transmitted through all networks.

Flubot is the name of malware that attacks Android devices. Cybercriminals distribute Flubot through SMS messages that include links to download websites for a bogus FedEx program (in at least three languages, including German, Polish, and Hungarian). These websites serve a malicious APK file (Android Package File) that installs the Flubot banking malware.

"We believe this current wave of Flubot malware SMS attacks will gain serious traction very quickly, and it's something that needs awareness to stop the spread," a spokesman said. Customers should "be extra cautious about this specific piece of malware," he said, and avoid clicking on any links in text messages.

Later, the National Cyber Security Centre (NCSC) provided guidelines on the threat, with instructions on what to do if you accidentally downloaded the attacker's program. "If users have clicked a malicious link it's important not to panic - there are actionable steps they can take to protect their devices and their accounts," the NCSC said in a statement. The malware may also send further text messages to the contacts of an infected person, aiding its propagation.

"The seriousness of these malicious text messages is underlined by Vodafone making the decision to alert its customers," said Ben Wood, chief analyst at CCS Insight. "This has the potential to become a denial-of-service attack on mobile networks, given the clear risk that a rogue application can be installed on users' smartphones and start spewing out endless text messages. The broader risk for users is a loss of highly sensitive personal data from their phones," he added. 

Although text message scams pretending to be from a package delivery company are popular, they have mainly focused on phishing, which involves tricking the recipient into filling out a form with personal information such as bank account numbers.

BGP Leak Causes 13x Spike in Misdirected Traffic


A large BGP routing leak that occurred on 16th April 2021 disrupted connectivity for a great many significant organizations and sites around the world. Although the BGP routing leak happened in Vodafone's autonomous system (AS55410) in India, it affected U.S. organizations, including Google, according to sources.

BGP, or Border Gateway Protocol, is what makes the modern-day internet work. It is akin to a "postal system" for the web that handles the redirection of traffic from one autonomous system of networks to another. The web is a network of networks, and if, for instance, a client located in one country needs to reach a site located in another, there must be a system in place that knows which paths to take while routing the client across the different networked systems. That is the purpose of BGP: to direct web traffic effectively over different paths and systems between the source and destination so that the internet functions.

On 16th April 2021, Cisco's BGPMon detected a discrepancy in internet routing, possibly indicating BGP hijacking activity: "Prefix, is normally announced by AS270497 RUTE MARIA DA CUNHA, BR." "But beginning at 2021-04-16 15:07:01, the same prefix ( was also announced by ASN 55410," stated BGPMon's announcement.

Doug Madory, director of Internet analysis at Kentik, confirmed these findings, stating that the autonomous system ASN 55410 was seeing a 13 times spike in inbound traffic directed to it. The autonomous system in question (AS55410) belongs to Vodafone India Limited.

“We have done a complete analysis of the reported matter and have not observed any issue in routing security at our end. A wrong advertising of the routing table publishing made by one of our Enterprise customers had led to this incident. This was responded to immediately and rectified,” a Vodafone Idea Ltd spokesperson said.

"This incident only affected traffic for about 10 minutes, but during that time there were likely countless internet connection problems for users around the world." "Anyone trying to reach web resources configured with the IP addresses in the routes that were leaked would have had their traffic misdirected to AS55410 in India and then dropped," Doug Madory from Kentik told BleepingComputer in an email interview.
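The kind of check behind the BGPMon alert quoted above can be sketched as an origin-AS comparison against a baseline. This is an added example, not BGPMon's or Kentik's code: the prefixes are documentation ranges standing in for the prefix the alert elides, the neighbour ASNs are documentation ASNs, and all records are constructed. It goes slightly beyond the alert by also flagging more-specific announcements under a baselined prefix.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Announcement:
    timestamp: str
    prefix: str
    as_path: tuple  # ASNs as received, origin AS last

# Constructed baseline: prefix mapped to the origin ASNs normally seen for it.
# 203.0.113.0/24 is a placeholder; AS270497 is the usual origin in the alert.
BASELINE = {"203.0.113.0/24": {270497}, "198.51.100.0/24": {64500}}

def covering_baseline(net, baseline):
    """Return (network, origins) for the longest baseline prefix covering net."""
    best = None
    for known, origins in baseline.items():
        known_net = ipaddress.ip_network(known)
        if net.version == known_net.version and net.subnet_of(known_net):
            if best is None or known_net.prefixlen > best[0].prefixlen:
                best = (known_net, origins)
    return best

def detect_origin_conflicts(announcements, baseline):
    """Flag announcements whose origin AS is not an expected one."""
    alerts = []
    for ann in announcements:
        net = ipaddress.ip_network(ann.prefix)
        match = covering_baseline(net, baseline)
        if match is None or not ann.as_path:
            continue  # nothing known about this prefix, so nothing to compare
        covering, origins = match
        origin = ann.as_path[-1]
        if origin not in origins:
            kind = "origin-change" if net == covering else "more-specific"
            alerts.append((ann.timestamp, ann.prefix, origin, kind))
    return alerts

# Constructed sample updates; only the timestamp 15:07:01 and the two
# ASNs 270497 and 55410 are taken from the alert text.
SAMPLE = [
    Announcement("2021-04-16 15:06:40", "203.0.113.0/24", (64496, 270497)),
    Announcement("2021-04-16 15:07:01", "203.0.113.0/24", (64496, 55410)),
    Announcement("2021-04-16 15:07:03", "203.0.113.128/25", (64497, 55410)),
    Announcement("2021-04-16 15:07:05", "198.51.100.0/24", (64496, 64500)),
    Announcement("2021-04-16 15:07:09", "192.0.2.0/24", (64496, 55410)),
]

if __name__ == "__main__":
    for alert in detect_origin_conflicts(SAMPLE, BASELINE):
        print(alert)
```

An origin mismatch alone does not distinguish a deliberate hijack from a misconfiguration such as the customer route leak Vodafone Idea describes; it only tells an operator which announcements to investigate.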