Bad Connection
Uncovering Global Telecom Exploitation by Covert Surveillance Actors https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/

An investigation by the Citizen Lab Team, which uncovers two sophisticated telecom surveillance campaigns and, for the first time, directly links real-world attack traffic to mobile operator signalling infrastructure.

#CyberSecurity #ThreatIntelligence #Surveillance #TelecomSecurity #MobileSecurity #SS7 #NetworkSecurity #CyberEspionage #CitizenLab #Infosec #Privacy #DigitalRights #CyberResearch #SignalInfrastructure #Telecom

Citizen Lab exposes global telecom exploitation: multi-vector signalling & SIM-based tracking, operator infrastructure abused across 20+ countries; persistent campaigns reveal weak intercarrier OPSEC and urgent need for accountability. Read: https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/ 🔍📡 #Surveillance #TelecomSecurity #Privacy #Security
The Citizen Lab Bad Connection: Uncovering Global Telecom Exploitation by Covert Surveillance Actors

Our investigation uncovers two sophisticated telecom surveillance campaigns and, for the first time, links real-world attack traffic to mobile operator signalling infrastructure. The findings expose how suspected commercial surveillance vendors (CSVs) exploit the global telecom interconnect ecosystem, leverage private operator networks, and conduct covert location tracking operations that can persist undetected for years.

The Citizen Lab

To truly understand a regional cyber landscape, we must look beyond isolated incidents. 🌐

Join us tomorrow for #TelcoSec Talk #2, where we shift the focus to the broader ecosystem. Together with Philippe Langlois and Hamid Kashfi, we will explore the Iran-linked activity landscape through a more comprehensive, analytical lens.

Using ApexThreats, we’ll connect the dots between:

Infrastructure & Signals: Moving beyond single events to see underlying structures.

Contextual Dynamics: How timelines and actors intersect within the telecom space.

The Full Picture: What becomes visible when you analyze the entire ecosystem as a whole.

Gain a more nuanced view of regional digital evolution.

📅 Tuesday, March 24th, 2026

⏰ 11:00am CET | 1:00pm KSA | 2:00pm GST

👉 Register here: https://watch.getcontrast.io/register/p1-security-telcosec-talk-v2-iran-cyberwar-telecom-infrastructure

#CyberThreatIntelligence #TelecomSecurity #APT #P1Security #ThreatIntel

TelcoSec Talk #2 Decoding the Iran CyberAttacks & APT Landscape: Both victims and attackers

This session explores the Iran APT and cyber threat landscape from 2007 to 2026 through a telecom security lens. We will analyze how signaling layer activi...

Contrast webinars

Odido confirms major breach:
• 688,102 accounts added to HIBP
• ~6M records potentially exposed
• ShinyHunters claims responsibility
• Ransom refused — data leaked in stages
Sensitive financial & identity data compromised.

Full details:
https://www.technadu.com/odido-data-breach-exposes-almost-690000-telecom-customer-accounts/621284/

#InfoSec #DataBreach #TelecomSecurity #CyberRisk

UNC3886 leveraged ORB infrastructure for stealthy telecom targeting.

Per Cyber Security Agency of Singapore:
• Zero-day firewall compromise
• Rootkit persistence mechanisms
• GOBRAT & TINYSHELL C2 nodes
• ORB-tagged IP clustering in Singapore ASNs
• NetFlow-confirmed router-to-ORB communications
• Pre-positioned reconnaissance

Attribution aligned with assessments from Mandiant linking activity to China-sponsored espionage.

ORB networks blur the line between botnets and residential proxy ecosystems, increasing attribution friction and collateral risk.

Defensive priorities:
• Threat intel enrichment
• Edge device patch enforcement
• ASN anomaly detection
• Zero-trust segmentation
• IoT telemetry visibility

How mature are ORB detection capabilities in your SOC?

Engage below.

Source: https://cyberpress.org/orb-networks-masks-attacks/

Follow @technadu for advanced threat analysis.

#ThreatIntel #UNC3886 #ORBNetworks #IoTSecurity #ZeroDay #C2Infrastructure #NetFlow #TelecomSecurity #BlueTeam #ThreatHunting #APTActivity #CyberOperations #Infosec

Singapore telecommunications were targeted by UNC3886 in a cyber-espionage campaign — telecoms remain high-value gateways for strategic surveillance. Connectivity is power. 📡🕵️‍♂️ #CyberEspionage #TelecomSecurity

https://www.helpnetsecurity.com/2026/02/10/singapore-telecommunications-unc3886-cyber-espionage/

Singapore telcos breached in China-linked cyber espionage campaign - Help Net Security

Singapore’s four major telecommunications companies were hit by a coordinated cyber espionage campaign last year.

Help Net Security

UNC3886 targeted Singapore’s telecom infrastructure, impacting Singtel, StarHub, M1 & Simba.

Limited access, small technical data exfiltration, no customer data exposed.

https://www.technadu.com/unc3886-cyber-espionage-group-linked-to-singapore-telecom-infrastructure-cyberattacks-singtel-starhub-m1-simba-telecom/619708/

What lessons should telecoms take from this?

#Infosec #APT #TelecomSecurity

Reporting indicates a prolonged telecom-focused intrusion campaign may have affected mobile communications of UK government aides, with attribution linked by U.S. sources to Salt Typhoon.

The case reinforces concerns around persistent access, metadata exposure, and call interception - particularly where legacy telecom systems intersect with modern threat actors.

From a defensive standpoint, where should governments prioritize: network hardening, endpoint security, or telecom architecture redesign?

Source: https://cybernews.com/cyber-war/salt-typhoon-hacked-phones-british-prime-ministers/

Join the discussion and follow @technadu for responsible threat reporting.

#ThreatIntelligence #TelecomSecurity #CyberEspionage #InfoSec #TechNadu

China-linked hackers breached telecoms via edge device exploits — attacking the network’s perimeter where visibility is weakest. Edge security is now frontline defense. 📡⚠️ #TelecomSecurity #EdgeSecurity

https://www.bleepingcomputer.com/news/security/new-china-linked-hackers-breach-telcos-using-edge-device-exploits/

New China-linked hackers breach telcos using edge device exploits

A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe.

BleepingComputer

Brightspeed has acknowledged an ongoing investigation into alleged unauthorized access following claims made by a known threat group.

The case underscores the importance of evidence validation, controlled disclosures, and coordinated response when dealing with public claims of data exfiltration - especially in large telecom environments.

What best practices should guide organizations during claim-driven incident response?

Contribute your perspective and follow @technadu for objective infosec coverage.

#IncidentResponse #ThreatIntel #TelecomSecurity #CyberInvestigations #Infosec #DataProtection