Hackers Targeting Telecommunications Industry

Among the most crucial industries to any nation’s infrastructure is the one based on telecommunications. It serves as the foundation for communication and coordination, providing the necessary connectivity for people to stay connected and for businesses to operate efficiently.

The year 2023 is projected to have an impressive increase in the number of internet users, reaching a total of 311.3 million individuals. This represents a remarkable 91.8% penetration rate among the general population.


As a result, ransomware and APT groups have an increasing opportunity to capitalize on this lucrative threat attack surface.

A significant number of U.S. telecommunications companies have recently been targeted by hackers since January, as reported by the Cyble Research & Intelligence Labs.

Over 74 Million Clients’ Data Leaked

CGM LLC, a U.S.-based SaaS provider, was targeted by the notorious ransomware group CL0P on January 5, 2023. As a specialist in Affordable Connectivity, CGM LLC assists telecommunications providers with their participation.

Recently, leaked screenshots made their way into the public eye and they included sensitive information submitted by applicants who were considered to be disadvantaged.

IntelBroker claimed to have discovered 37 million AT&T client records on the unsecured cloud storage of a third-party vendor on January 6, 2023.

IntelBroker went one step further by not only claiming to have found the unsecured cloud storage but also making a sample of 5 million records public.

This action not only confirmed the validity of their discovery but also added to the severity of the situation. To make matters worse, IntelBroker received assistance in attributing the leak to other threat actors on a public forum.

On January 19, 2023, T-Mobile, a leading telecommunications company, took a step to address a serious security incident. The company filed a report with the Securities and Exchange Commission (SEC), informing them of a malicious actor who exploited vulnerabilities in T-Mobile’s API. 

As a result of this breach, the bad actor was able to steal personal and sensitive information, including 37 million customers’ personally identifiable information (PII).

Affected clients have been notified by T-Mobile which also stated that police are assisting them in the investigation. During this attack, Google Fi, which uses T-Mobile as its primary provider for Internet access and mobile phone service, was targeted for targeted SIM swapping attacks.

IntelBroker made a shocking announcement on January 18, 2023, to the public. The threat actor announced that they were offering to sell a massive amount of personal and sensitive information belonging to 550,000 users of Charter Communications.

On January 26, 2023, the threat perpetrator behind the offer to sell the personal and sensitive information made a follow-up move that caused even more alarm. The individual decided to leak the entire database of information, making it freely available to anyone who was interested.

It was reported that IntelBroker released a database for free on January 27, 2023, claimed by Verizon to be from its servers, and there were 7.5 million records in this database that contained information about clients.

On February 1, 2023, IntelBroker made another shocking announcement to the public. The threat actor shared a database that contained sensitive information belonging to 144,000 clients of U.S. Cellular, one of the largest telecommunications companies in the United States.

Types of Data Compromised

In most cases, third-party vendors are responsible for the breaches that have been discussed above. Several high-profile incidents involving data breaches have occurred as a result of third-party breaches. 

These incidents have arisen through various means, such as vendors, software, and managed service providers (MSPs). One such incident was the breach at Okta in March 2022, while another was the Kaseya hack that took place in July 2021. 

The most recent breach involved the leak of 77,000 Uber employees’ data, which was caused by a breach at a third-party vendor called Teqtivity.

While the types of data compromised in these incidents are:-

  • Addresses
  • Account numbers
  • Service details
  • First names
  • Device types 
  • Service plans
  • Emails
  • Device information
  • Phone number
  • Subscription service details


Here below we have mentioned all the recommendations offered by the GRC (Governance, Risk, and Compliance):-

  • A comprehensive list of the technologies and vendors used by third parties must be created.
  • Always check the compliance of third-party vendors with industry standards and the results of previous audits.
  • Make sure to review the amount, method, and sensitivity of access to data from third parties.
  • The scope of the regular VAPT process should include third-party vendors as well, and it should be performed on a regular basis.
  • It will be necessary for you to obtain cyber insurance, and you should require your vendors to do the same.
  • Being up to date on the latest threats and techniques being used by threat actors is extremely important.
  • Implementing a zero-trust policy at the organizational level can minimize the possibility of supply chain compromise.

Network Security Checklist – Download Free E-Book

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.