Data belonging to AT&T and a client company has been listed for sale on a hacker forum. According to a claim by a vendor on the forum, the data contained up to 37 million records. TCE found evidence and reports suggesting that the threat actor behind the attack was new to dark web platforms.
According to sources, the Endurance ransomware gang was credited with this attack. However, TCE also found that the alleged “ransomware group” does not operate as other popular ransomware groups do. In fact, only one individual, known as IntelBroker, is behind the group and has successfully infiltrated big corporations and breached several US government entities in less than 30 days since its inception.
In this particular instance, the Endurance ransomware gang attacked AT&T and stole databases containing 37 million records. The same data is now being sold on hacker forums but is yet to be shared elsewhere. At the time of writing, only a small chunk of data had been published as a sample for potential buyers on the hacker forum.
AT&T is a telecommunications company that provides various services, including telephone, internet, and television. Founded in 1885, it is one of the world’s oldest and largest telecommunications companies. AT&T is headquartered in Dallas, Texas, and provides services to customers in the United States and worldwide.
In addition to traditional telephone services, AT&T also offers a variety of broadband and wireless internet plans and television services through its DirecTV and U-verse platforms. AT&T also provides business services, including business telephone systems and cloud-based solutions.
AT&T Earlier Data Leak
On October 28, FalconFeedsio reported a similar incident regarding AT&T and a data leak led by the EVEREST ransomware group. The threat actor advertised AT&T for sale on hacker forums and allegedly said they had access to its corporate networks.
Sources claim that multiple threat actors have attacked AT&T at different times. In most of these cases, the threat actor released the AT&T data on dark web forums. But in this instance, the number of records has increased significantly.
However, this is not the first time that AT&T has been compromised. Several prolific threat actors have attacked the organization in the last two years — though the company has denied several of these claims.
In August 2022, TCE reported an AT&T data leak in which researchers found a database of 23 million Americans containing the social security numbers of American citizens.
Reports suggest that the data is linked to AT&T. Hold Security claimed that the stolen data consisted of email addresses and other information with extensions such as “att.net,” “SBCGlobal.net,” or “Bellsouth.net.”