TechNaduFeb 27

Odido confirms major breach:
• 688,102 accounts added to HIBP
• ~6M records potentially exposed
• ShinyHunters claims responsibility
• Ransom refused — data leaked in stages
Sensitive financial & identity data compromised.

Full details:
https://www.technadu.com/odido-data-breach-exposes-almost-690000-telecom-customer-accounts/621284/

#InfoSec #DataBreach #TelecomSecurity #CyberRisk

TechNaduFeb 14

UNC3886 leveraged ORB infrastructure for stealthy telecom targeting.

Per Cyber Security Agency of Singapore:
• Zero-day firewall compromise
• Rootkit persistence mechanisms
• GOBRAT & TINYSHELL C2 nodes
• ORB-tagged IP clustering in Singapore ASNs
• NetFlow-confirmed router-to-ORB communications
• Pre-positioned reconnaissance

Attribution aligned with assessments from Mandiant linking activity to China-sponsored espionage.

ORB networks blur the line between botnets and residential proxy ecosystems, increasing attribution friction and collateral risk.

Defensive priorities:
• Threat intel enrichment
• Edge device patch enforcement
• ASN anomaly detection
• Zero-trust segmentation
• IoT telemetry visibility

How mature are ORB detection capabilities in your SOC?

Engage below.

Source: https://cyberpress.org/orb-networks-masks-attacks/

Follow @technadu for advanced threat analysis.

#ThreatIntel #UNC3886 #ORBNetworks #IoTSecurity #ZeroDay #C2Infrastructure #NetFlow #TelecomSecurity #BlueTeam #ThreatHunting #APTActivity #CyberOperations #Infosec

Manuel BisseyFeb 11

Singapore telecommunications were targeted by UNC3886 in a cyber-espionage campaign — telecoms remain high-value gateways for strategic surveillance. Connectivity is power. 📡🕵️‍♂️ #CyberEspionage #TelecomSecurity

https://www.helpnetsecurity.com/2026/02/10/singapore-telecommunications-unc3886-cyber-espionage/

Singapore telcos breached in China-linked cyber espionage campaign - Help Net Security

Singapore’s four major telecommunications companies were hit by a coordinated cyber espionage campaign last year.

Help Net Security
TechNaduFeb 9

UNC3886 targeted Singapore’s telecom infrastructure, impacting Singtel, StarHub, M1 & Simba.

Limited access, small technical data exfiltration, no customer data exposed.

https://www.technadu.com/unc3886-cyber-espionage-group-linked-to-singapore-telecom-infrastructure-cyberattacks-singtel-starhub-m1-simba-telecom/619708/

What lessons should telecoms take from this?

#Infosec #APT #TelecomSecurity

TechNaduJan 28

Reporting indicates a prolonged telecom-focused intrusion campaign may have affected mobile communications of UK government aides, with attribution linked by U.S. sources to Salt Typhoon.

The case reinforces concerns around persistent access, metadata exposure, and call interception - particularly where legacy telecom systems intersect with modern threat actors.

From a defensive standpoint, where should governments prioritize: network hardening, endpoint security, or telecom architecture redesign?

Source: https://cybernews.com/cyber-war/salt-typhoon-hacked-phones-british-prime-ministers/

Join the discussion and follow @technadu for responsible threat reporting.

#ThreatIntelligence #TelecomSecurity #CyberEspionage #InfoSec #TechNadu

Manuel BisseyJan 9

China-linked hackers breached telecoms via edge device exploits — attacking the network’s perimeter where visibility is weakest. Edge security is now frontline defense. 📡⚠️ #TelecomSecurity #EdgeSecurity

https://www.bleepingcomputer.com/news/security/new-china-linked-hackers-breach-telcos-using-edge-device-exploits/

New China-linked hackers breach telcos using edge device exploits

A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe.

BleepingComputer
TechNaduJan 6

Brightspeed has acknowledged an ongoing investigation into alleged unauthorized access following claims made by a known threat group.

The case underscores the importance of evidence validation, controlled disclosures, and coordinated response when dealing with public claims of data exfiltration - especially in large telecom environments.

What best practices should guide organizations during claim-driven incident response?

Contribute your perspective and follow @technadu for objective infosec coverage.

#IncidentResponse #ThreatIntel #TelecomSecurity #CyberInvestigations #Infosec #DataProtection

TechNaduDec 30

KT femtocell security failures allowed device cloning, SMS interception, and $169K in fraud. South Korean police arrested 5 suspects; more warrants issued.

Details:
https://www.technadu.com/kt-telco-femtocell-flaws-exposed-customers-to-fraud-south-korean-police-arrested-five-individuals/617169/

#TelecomSecurity #Infosec #CyberCrime

Manuel BisseyDec 30

KT Telecom’s femtocell security failure exposes network weaknesses at the edge — small cells, big risk. Telco security must cover every layer. 📡⚠️ #TelecomSecurity #OTSecurity

https://www.theregister.com/2025/12/30/kt_telecom_femtocell_security_fail/

Korean telco failed at femtocell security, exposed customers to snooping and fraud

: One cert, in plaintext, on thousands of devices, led to what looks like years of crime

The Register
TechNaduDec 12

Two former Cisco Networking Academy students have been linked to the Salt Typhoon campaign, which has compromised 80+ global telecom providers. Investigators say the attackers used technical skills learned directly from Cisco’s curriculum to target IOS and ASA devices.

This case reignites debate over whether corporate training programs in politically tense regions may inadvertently strengthen future threat actors.

Source: https://cybersecuritynews.com/chinese-hackers-attacking-cisco-devices/

Curious how the community views this risk.
Follow TechNadu for more verified cybersecurity reporting.

#CyberSecurity #Infosec #CiscoSecurity #ThreatIntel #SaltTyphoon #TelecomSecurity #SecurityResearch