June 20, 2024
Severity
High
Analysis Summary
After a threat actor claimed to be selling data stolen from the telecoms company, T-Mobile denied that its systems had been compromised or that its source code had been taken. The company said it was actively investigating reports of an incident at a third-party service provider.
The denial follows claims by a well-known threat actor, linked to other breaches, of having breached T-Mobile in June 2024 and stolen source code. To back up the authenticity and recency of the material, the threat actor posted several screenshots showing administrator-level access to a Confluence server and to the company's internal, developer-only Slack channels. The data offered for sale reportedly includes source code, SQL files, images, Terraform data, certificates for t-mobile.com, and Siloprograms.
However, according to a source, the material the threat actor is selling consists of older screenshots of T-Mobile's infrastructure that had been captured and uploaded to the servers of a third-party vendor. If the recent breaches claimed by this threat actor all trace back to that cloud provider, that would account for the origin of all of the data. Screenshots indicate the actor had access to a Jira instance used for application testing as recently as this month.
One leaked image shows a search for critical vulnerabilities that references CVE-2024-1597, a flaw Atlassian lists as affecting Confluence Data Center and Server with a CVSS score of 9.8 out of 10 (a SQL injection in the org.postgresql PostgreSQL JDBC driver dependency). How the attacker gained access to the provider is not known, and it has not been established whether the third-party vendor was compromised through this vulnerability.
If confirmed, this would be the third cybersecurity incident T-Mobile has dealt with in less than two years, on top of several earlier ones. On January 19, 2023, the carrier disclosed that attackers had stolen the personal data of 37 million customers. In May 2023 it said that, beginning in February of that year, data belonging to hundreds of customers had been exposed to unidentified intruders for roughly a month.
Impact
- Exposure of Sensitive Data
- Information Theft
- Unauthorized Access
Remediation
- Use strong, unique passwords for sensitive accounts, and rotate any credentials (including certificates and API tokens) that may have been exposed through a third-party provider.
- Implement multi-factor authentication (MFA) on all accounts to add an extra layer of security to login processes.
- Organizations need to stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
- Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
- Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
- Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
- Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
- Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
- Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.
- Never trust or open links and attachments received from unknown sources/senders.
- Improve communication with customers by providing timely and transparent updates about data breaches, including what information was compromised and the steps being taken to mitigate the impact.
- Ensure that all vendors and third-party partners adhere to stringent security protocols, limit what internal data (such as infrastructure screenshots, source code, and configuration) may be stored on their systems, and regularly assess their cybersecurity practices to minimize the risk of data breaches originating from external sources.
- Provide affected customers with comprehensive support, including credit monitoring services, identity theft detection, and resolution assistance, to help mitigate the potential consequences of the breach.