SUMMARY
- Telefonica confirmed a data breach involving its internal Jira ticketing system, with stolen data leaked online.
- Hackers used compromised employee credentials to access and scrape 2.3 GB of internal data.
- The breach is linked to Hellcat Ransomware, also tied to a Schneider Electric cyberattack.
- No extortion attempts were made; data was leaked without contacting Telefonica.
- The attack highlights increasing cyber threats against global telecommunications firms.
Telefonica, a Spanish multinational telecommunications company, confirmed a data breach of their internal ticketing system. The confirmation came after stolen data appeared on Breach Forums, a cybercrime and hacking forum.
Telefonica, the largest telecommunications firm in Spain, operates in twelve countries with over 104,000 employees. The Telefonica cyberattack. The company has confirmed that its ticketing system was breached and that it is currently investigating the incident’s extent and has taken steps to prevent further unauthorized access. The leak on the hacking forum included a Telefonica Jira database.
Four individuals using aliases DNA, Grep, Pryx, and Rey claimed responsibility for the breach. According to Pryx, one of the attackers, the “internal ticketing system” is an internal Jira development and ticketing server utilized by Telefonica for reporting and resolving internal issues.
According to sources, compromised employee credentials were used to breach the system on the prior day. Telefonica responded by blocking their access and resetting passwords on impacted accounts. The attackers say they were able to scrape roughly 2.3 GB of documents, tickets, and various data using the compromised employee accounts. While some of this data was labeled as customers, the tickets were opened with @telefonica.com email addresses, indicating they might have been opened on behalf of customers.
Pryx claims they did not contact Telefonica or attempt extortion before leaking the data online. Three individuals behind the attack, Grep, Pryx, and Rey, are also part of a recently launched ransomware operation known as Hellcat Ransomware. Hellcat is responsible for a recent data breach at Schneider Electric, where 40GB of data was stolen from the company’s JIRA server.
This Telefonica cyberattack reportedly involves Fortinet, a crucial component of the company’s network infrastructure. While the extent of the data breach and the nature of the compromised data remain undisclosed, concerns have arisen regarding the potential impact. Despite the claim, Telefonica’s official website remains functional, raising questions about the authenticity of the alleged cyberattack.
This, however, is not the first time that Telefonica has suffered a data breach. In July 2018, millions of Telefonica customers had their data exposed after a security breach. Nevertheless, as the telecommunications industry faces cyber threats, companies must maintain their collaboration to establish proper cybersecurity measures against critical infrastructure.
RELATED TOPICS
- Telecom Giant BT Group Hit by Black Basta Ransomware
- 8220 Gang Targets Telecom in Global Cryptojacking Attack
- Hackers Breach TPG Telecoms’ Email Host to Steal Client Data
- US Telecom Breaches Widen as 9 Firms Hit by Chinese Hackers
- New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms