Iranian hackers target telecommunications in Nigeria, NCC warns

The Nigerian Communications Commission (NCC) has alerted Nigerians to the existence of a group of hackers orchestrating cyber espionage in the African telecommunications space.

It has been reported that an Iranian hacker group known as Lyceum (also known as Hexane, Siamesekitten or Spirlin) is targeting telecommunications, internet service providers (ISPs) and ministries of foreign affairs (MFAs) in Africa with updated malware.

The NCC said in a notice on Monday that information about this cyber attack is contained in the latest warning issued by the Nigerian Cyber Emergency Response Team (ngCERT).

The ngCERT rated the likelihood and damage level of the new malware as high, NCC said.

According to the advisory, the hacker group is known to be focused on infiltrating the networks of telecom companies and ISPs.

Between July and October 2021, the Daily Trust reports that Lyceum was implicated in attacks on ISPs and telecommunications organizations in Israel, Morocco, Tunisia and Saudi Arabia.

The Advanced Persistent Threat (APT) group has been linked to campaigns that have targeted Middle Eastern oil and gas companies in the past.

Now, the group appears to have broadened its focus to the tech sector.

Furthermore, the APT is responsible for a campaign against the Ministry of Foreign Affairs of an unnamed African government.

On the attackers’ mode of operation, the NCC said Lyceum’s initial attack vectors include credential stuffing and brute-force attacks.

“So once a victim’s system is compromised, attackers carry out surveillance on specific targets. In that mode, Lyceum will attempt to distribute two different types of malware: Shark and Milan (jointly known as James),” revealed the Nigerian telecommunications regulator.

The regulator said both pieces of malware are backdoors.

It said, “Shark, a 32-bit executable written in C# and .NET, generates a configuration file for Domain Name System (DNS) tunneling or Hypertext Transfer Protocol (HTTP) C2 communications; while Milan, a 32-bit Remote Access Trojan (RAT) recovers the data.

“Both are able to communicate with the command and control (C2) servers in the group. The APT maintains a network of C2 servers that connect to the group’s backdoors, made up of over 20 domains, including six that were not previously associated with the threat actors.”

According to reports, individual accounts at companies of interest are usually targeted first; once hacked, these accounts are used as a stepping stone to launch spear-phishing attacks against high-profile executives in the organization.

The report suggests that not only do these attackers seek data on subscribers and related third-party companies, but once compromised, threat actors or their sponsors can also use these industries to monitor individuals of interest.

To protect against these types of threats, the NCC reiterated ngCERT's guidance that both telecom companies and ISPs need multiple layers of security, in addition to constant network monitoring, to avoid potential attacks.

In particular, telecommunications consumers and the general public are advised to: ensure the consistent use of firewalls (software, hardware and cloud firewalls); enable a Web Application Firewall to help detect and prevent attacks from web applications by controlling HTTP traffic; install up-to-date antivirus programs to help detect and prevent a wide range of malware, Trojans and viruses, which APT hackers will use to exploit your system.

Other precautions include: implementing intrusion prevention systems that monitor the network; creating a secure sandboxing environment that allows you to open and run untrusted programs or code without risking damage to your operating system; ensuring the use of a virtual private network (VPN) to avoid giving APT hackers an easy opportunity to gain initial access to your company’s network; enabling spam and malware protection for your email applications; and educating your employees on identifying potentially harmful emails.

Source: Daily Trust
