A group of Iranian hackers known as Greenbug has been targeting IT systems around South Asia for several months, cybersecurity firm Symantec reported on Friday.
The group has targeted at least three telecom firms in Pakistan and accessed data servers when it suited them. The report does not name the specific companies being targeted but describes how the group has been attacking them.
The group uses virtual “tunnels” to stay connected to the victim’s machines without a trace. They use these tunnels to access other machines on the same network and valuable information.
Jon DiMaggio, senior cyber threat analyst at Symantec, explained Greenbug’s drive to stay connected to Pakistani telecom companies after being discovered, saying:
“As we would close one door, they would attempt to come back from another.”
This isn’t the first time a hacker group has been involved in attacks against telecom companies. According to Symantec, 18 different hacking groups linked to various governments around the globe targeted telecom firms in 2019. A Chinese group managed to breach over 10 cellular providers in Asia, the Middle East, Europe, and Africa.
Symantec believes that telecom companies will always be in the crosshairs of such attacks, as they provide a treasure trove of information on each company’s entire user database. While US telecom giants such as AT&T and Verizon have invested heavily in protection against such attacks, not all companies have the same resources.
In the end, the report recommends that firms keep their systems up to date with the latest security features and patches, as doing so automatically removes most vulnerabilities in a system.
For technical details, we recommend reading Symantec’s original report.