A1 Telekom, the largest internet service provider (ISP) in Austria, recently fell victim to a security breach that affected its internal networks and systems.

A local blogger named Christian Haschek said that their team received an email from whistleblowers calling themselves “Libertas” that notified them about this breach.

The whistleblowers told the local blogger that the attackers targeted more than 12000 of A1’s servers and had downloaded a massive amount of customer data since December 2019.

The company addressed this breach, saying that it kicked the hackers out of its systems on May 22, 2020, and that only a dozen internal servers were compromised, not almost all of them.

The hackers targeted the Austrian ISP by exploiting a vulnerability in an (unspecified) Microsoft product. After the investigation, the A1 Telekom team found that multiple web shells had been spread across its internal network and systems, including two of its internal domains.

Also, “A1 confirmed that the attackers had access to a SQL database and did various queries although they said no customer data was in those databases and no customer info was transferred out of the system,” said Christian.

The whistleblowers said that they penetrated two of A1’s network admin accounts by using passwords that had been unchanged since 2013 and “were well known to a few generations of technicians at the company”. In response to this, A1 said that these passwords are indeed valid but old, and most of them aren’t used anymore.

Austria’s largest telco has now reset passwords for all its 8000+ employees and changed access keys and passwords for all servers and services.

The hackers did not deploy any ransomware on A1 Telekom’s compromised systems or demand any ransom, which points to the involvement of an advanced persistent threat (APT) group.

Christian, who first reported this story on Haschek, said the source claimed that the hacking group that targeted A1 Telekom could be “Gallium”, a Chinese nation-state group specializing in targeting telecommunications companies.

Kanishk Tagade

Founder and Editor at QuickCyber. Kanishk is a cybersecurity enthusiast, security researcher, and an enterprise growth marketer. He's also a community member of the Nasscom community and corporate contributor at many technology magazines and security awareness platforms. He is also a social micro-influencer for cybersecurity, Infosecurity, digital transformation, and artificial intelligence technologies.
