Hacker leaks Telefónica data allegedly stolen in a new breach


A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge.

The threat actor has leaked a 2.6GB archive that unpacks into five gigabytes of data with slightly over 20,000 files to prove that the breach occurred.

Partial leak with data allegedly stolen from Telefónica

The breach allegedly occurred on May 30 and the hacker claims that they had 12 hours of uninterrupted data exfiltration before defenders revoked access.

The hacker claiming responsibility for the attack is named “Rey” and is a member of the Hellcat Ransomware group, which was responsible for another breach at Telefónica in January via an internal Jira development and ticketing server.

Rey told BleepingComputer that they exfiltrated 385,311 files totaling 106.3GB of internal communications (e.g. tickets, emails), purchase orders, internal logs, customer data, and employee data.

They also said that the May 30 breach was possible because of a Jira misconfiguration after the company dealt with the previous compromise.

BleepingComputer tried on several occasions since June 3rd to reach out to Telefónica over email. We also contacted several C-suite employees but received no acknowledgment of the May 30 breach.

The only response we received came from a Telefónica O2 employee, who dismissed the alleged incident as an extortion attempt using outdated information from a previously known incident.

Telefónica O2 is the Spanish company’s brand for its telecommunications businesses in the U.K. and Germany.

Rey shared with BleepingComputer a sample and file tree of the data allegedly stolen from Telefónica on May 30. Some of the files included invoices to business clients in several countries, including Hungary, Germany, Spain, Chile, and Peru.

In the files we received there were email addresses for employees in Spain, Germany, Peru, Argentina, and Chile, and invoices for business partners or customers in European countries.

The most recent file we could find in all the data Rey shared was from 2021, though, which seems to confirm what the company representative told us.

Nevertheless, the hacker is adamant that the data comes from a new breach on May 30. To prove their point, they started leaking part of the allegedly stolen files.

“Since Telefonica has been denying a recent 106 GB breach containing data from its internal infrastructure, I’m releasing 5 GB here as proof. Soon, I’ll publish the full file tree, and over the next few weeks, if Telefonica doesn’t comply, the entire archive will be released. ;)” – Rey said.


Threat actor announces Telefónica leak of 106GB

The data was initially distributed using the PixelDrain storage and data transfer service, but it was removed after a few hours for legal reasons.

The threat actor later distributed another download link from Kotizada, a service that Google Chrome flags as a dangerous site and strongly recommends users avoid.

Until Telefónica provides an official statement, it is unclear if this is a new breach consisting of old data. However, from BleepingComputer’s findings, some of the email addresses in the leak belong to active employees.

The HellCat hacking group is not new on the scene and they are typically focused on targeting Jira servers. They are responsible for multiple attacks at high-profile companies.

They claimed compromises at Swiss global solutions provider Ascom, Jaguar Land Rover, Affinitiv, Schneider Electric, and Orange Group.
