Canadian Telecom Firm Telus Reportedly Investigating Breach

  /     /     /  
Publicated : 23/11/2024   Category : security


Canadian Telecom Firm Telus Reportedly Investigating Breach


A threat actor has leaked data — purportedly, samples of Telus employee payroll data and source code — on a hacker site.



Telus, one of Canadas largest telecommunications providers, is reportedly investigating a potentially major breach of its systems after a threat actor posted samples online of what the person claimed was sensitive data from the company.
The leaked data included what the adversary alleged was a sample of employee payroll records, source code from the telecom firms private GitHub repositories, and other information.
In a post on BreachForums, 
according to reports
, the threat actor offered for sale an email database purporting to contain the email addresses of every employee at Telus. The price for the database was $7,000. Another database, supposedly containing payroll information of the top executives at the telco, including its president, was available for $6,000.
The threat actor also offered for sale, for $50,000, a data set that the person claimed included more than 1,000 private GitHub repositories belonging to Telus. The source code available for sale apparently included an API that would allow an adversary to do SIM-swapping — a process where attackers hijack another individuals phone by transferring the number to their own SIM card.
This is the FULL breach, the alleged hacker wrote in the post of BreachForums. You will receive everything associated with Telus, including complete subdomain lists and screenshots of active sites, the post went on to say. Its unclear whether any of the data that the alleged attacker appeared to have is authentic or belonged to Telus, as claimed. The service provider did not respond to multiple Dark Reading requests for comment. 
That said, 
IT World Canada
quoted a Telus spokesman as saying the company is currently investigating claims about a small amount of data related to the companys source code and certain employees being leaked on the Dark Web.
If the breach at Telus happened as the threat actor claimed, it will be the latest in a string of attacks that have targeted telecom firms recently. Just since the beginning of the year, attackers have breached multiple major telecommunications firms including three of Australias largest:
Optus
,
Telestra
, and
Dialog
. And earlier this month, researchers at SentinelOne reported observing a previously unknown
bad actor targeting telecom firms in the Middle East
in what appeared to be a cyber-espionage campaign.
Analysts believe a couple of factors are driving the trend. The widespread and growing use of mobile devices for multifactor authentication (MFA) for instance has put a target on telecommunication companies and their networks.
Financially motivated cybercriminals
looking to access online accounts have also begun to increasingly target telecom providers in so-called
SIM-swapping attacks
to hijack phones and intercept SMS authorizations for two-factor authentication.
Another factor — a long-standing one — that has made telecom companies a big target is the opportunity they provide for adversaries to surveil people of interest. There have been numerous incidents in recent years where state-sponsored threat actors from countries that include Iran, Turkey, and China
have broken into a telecom network
to, among other things, steal call-data records for monitoring conversations of targeted individuals and groups.

Last News

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Canadian Telecom Firm Telus Reportedly Investigating Breach