A hacker is threatening to leak 106GB of information allegedly stolen from Spanish telecommunications firm Telefónica in a breach that the corporate didn’t acknowledge.
The menace actor has leaked a 2.6GB archive that unpacks into 5 gigabytes of information with a little bit over 20,000 information to show that the breach occurred.
The breach allegedly occurred on Could 30 and the hacker claims that they had 12 hours of uninterrupted knowledge exfiltration earlier than defenders revoked entry.
The hacker claiming duty for the assault is named “Rey” and is a member of the Hellcat Ransomware group – chargeable for one other breach at Telefónica in January by means of an inner Jira improvement and ticketing server.
Rey advised BleepingComputer that they exfiltrated 385,311 information totaling 106.3GB of inner communications (e.g. tickets, emails), buy orders, inner logs, buyer information, and worker knowledge.
In addition they stated that the Could 30 breach was potential due to a Jira misconfiguration after the corporate handled the earlier compromise.
BleepingComputer tried on a number of events since June third to succeed in out to Telefónica over e mail. We additionally contacted a number of C-suite workers however acquired no acknowledgment of the Could 30 breach.
The one response we acquired got here from a Telefónica O2 worker, who dismissed the alleged incident as an extortion try utilizing outdated info from a beforehand identified incident.
Telefónica O2 is the Spanish firm’s model for its telecommunications companies within the U.Okay. and Germany.
Rey shared with BleepingComputer a pattern and file tree of the info allegedly stolen from Telefónica on Could 30. Among the information included invoices to enterprise shoppers in a number of nations, together with Hungary, Germany, Spain, Chile, and Peru.
Within the information we acquired there have been e mail addresses for workers in Spain, Germany, Peru, Argentina, and Chile, and invoices for enterprise companions or prospects in European nations.
The latest file we may discover in all the data Rey shared was from 2021, although, which appears to verify what the corporate consultant advised us.
Nevertheless, the hacker is adamant in regards to the knowledge coming from a brand new breach from Could 30. To show their level, they began leaking part of the allegedly stolen information.
“Since Telefonica has been denying a current 106 GB breach containing knowledge from its inner infrastructure, I’m releasing 5 GB right here as proof. Quickly, I’ll publish the total file tree, and over the following few weeks, if Telefonica doesn’t comply, your entire archive shall be launched. ;)” – Rey stated.
The info was initially distributed utilizing the PixelDrain storage and knowledge switch providers but it surely was eliminated after a number of hours for authorized causes.
The menace actor later distributed one other obtain hyperlink from Kotizada, a service then turned to a different service, Kotizada, which Google Chrome flags as a harmful website and strongly recommends customers to keep away from it.
Till Telefónica supplies an official assertion, it’s unclear if it is a new breach consisting of outdated knowledge. Nevertheless, from BleepingComputer’s findings, among the e mail addresses within the leak belong to lively workers.
The HellCat hacking group just isn’t new on the scene and they’re sometimes targeted on focusing on Jira servers. They’re chargeable for a number of assaults at high-profile firms.
They claimed compromises at Swiss international options supplier Ascom, Jaguar Land Rover, Affinitiv Schneider Electrical, and Orange Group.
Whereas cloud assaults could also be rising extra subtle, attackers nonetheless succeed with surprisingly easy methods.
Drawing from Wiz’s detections throughout hundreds of organizations, this report reveals 8 key methods utilized by cloud-fluent menace actors.
