Hackers Allegedly Breach Nokia’s Internal Network

A cybercriminal group has allegedly infiltrated Nokia’s internal network through a vulnerable third-party contractor, potentially exposing sensitive information belonging to more than 94,500 employees in what security experts are calling one of the most extensive corporate data breaches affecting the telecommunications giant in recent years.

The threat actor, identifying as Tsar0Byte, made claims about the breach on dark web forums including DarkForums, asserting they gained access to Nokia’s systems by exploiting weaknesses in a third-party contractor’s infrastructure that maintained direct access to Nokia’s internal networks for tool development purposes.

Scope of Alleged Data Exposure

According to the report, the compromised data encompasses a comprehensive internal employee directory containing full names, corporate email addresses, phone numbers, department information, job titles, and employee identification numbers.

The alleged breach also reportedly exposed LinkedIn profile traces, internal references, corporate hierarchies, internal documents, and partner-side logs.

The attack methodology appears to mirror a growing trend among cybercriminals who target major corporations through supply chain vulnerabilities rather than attempting direct penetration of primary systems.

Security researchers analyzing the incident suggest that Tsar0Byte likely gained initial access through poorly secured contractor systems, potentially exploiting default credentials or misconfigured access controls.

This incident represents the second major security challenge Nokia has faced in recent months.

In November 2024, another threat actor called IntelBroker claimed to have stolen source code and credentials from a different third-party contractor working with the company.

The recurring pattern of attacks through third-party vendors highlights a critical vulnerability in modern corporate cybersecurity strategies.

These contractors often maintain privileged access to primary systems while operating with less stringent security protocols than their larger corporate clients.

Nokia’s cybersecurity team has acknowledged awareness of the claims and confirmed they are conducting a thorough investigation into the alleged breach.

The company stated that preliminary findings have not identified evidence of direct compromise to their primary systems, though they continue monitoring the situation closely.

Security experts emphasize that such incidents underscore the urgent need for enhanced vendor security assessments, regular audits of third-party access privileges, and implementation of zero-trust security models that assume no inherent trust for any system or user.

While Nokia has not confirmed whether customer data was directly affected, the potential exposure of internal employee information creates significant risks for targeted phishing campaigns and social engineering attacks against company personnel.

The incident serves as another reminder of the evolving cybersecurity landscape where traditional perimeter defenses prove insufficient against sophisticated threat actors exploiting trusted relationships and third-party access points.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!