A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge.
The threat actor has leaked a 2.6GB archive that unpacks into 5 gigabytes of data with a little over 20,000 files to prove that the breach occurred.

The breach allegedly occurred on May 30, and the hacker claims that they had 12 hours of uninterrupted data exfiltration before defenders revoked access.
The hacker claiming responsibility for the attack is known as “Rey” and is a member of the Hellcat Ransomware group – responsible for another breach at Telefónica in January through an internal Jira development and ticketing server.
Rey told BleepingComputer that they exfiltrated 385,311 files totaling 106.3GB of internal communications (e.g. tickets, emails), purchase orders, internal logs, customer information, and employee data.
They also said that the May 30 breach was possible because of a Jira misconfiguration after the company dealt with the previous compromise.
BleepingComputer tried on multiple occasions since June 3rd to reach out to Telefónica over email. We also contacted several C-suite employees but received no acknowledgment of the May 30 breach.
The only response we received came from a Telefónica O2 employee, who dismissed the alleged incident as an extortion attempt using old information from a previously known incident.
Telefónica O2 is the Spanish company’s brand for its telecommunications businesses in the U.K. and Germany.
Rey shared with BleepingComputer a sample and file tree of the data allegedly stolen from Telefónica on May 30. Some of the files included invoices to business clients in several countries, including Hungary, Germany, Spain, Chile, and Peru.
In the files we received there were email addresses for employees in Spain, Germany, Peru, Argentina, and Chile, and invoices for business partners or customers in European countries.
The most recent file we could find in all the information Rey shared was from 2021, though, which seems to confirm what the company representative told us.
However, the hacker is adamant that the data comes from a new breach on May 30. To prove their point, they started leaking part of the allegedly stolen files.
“Since Telefonica has been denying a recent 106 GB breach containing data from its internal infrastructure, I’m releasing 5 GB here as proof. Soon, I’ll publish the full file tree, and over the next few weeks, if Telefonica doesn’t comply, the whole archive will be released. ;)” – Rey said.
The data was initially distributed using the PixelDrain storage and data transfer service, but it was removed after several hours for legal reasons.
The threat actor then turned to another service, Kotizada, to distribute a new download link. Google Chrome flags Kotizada as a dangerous site and strongly recommends that users avoid it.
Until Telefónica provides an official statement, it is unclear if this is a new breach consisting of old data. However, from BleepingComputer’s findings, some of the email addresses in the leak belong to active employees.
The HellCat hacking group is not new on the scene and typically focuses on targeting Jira servers. They are responsible for multiple attacks at high-profile companies.
They claimed compromises at Swiss global solutions provider Ascom, Jaguar Land Rover, Affinitiv, Schneider Electric, and Orange Group.