It took the company more than six months to eliminate malware from its network.
A1 Telekom, the largest Internet service provider in Austria, was the victim of a cyber attack. An insider using the pseudonym Libertas gave blogger Christian Haschek details of a cyber attack in November 2019.
The A1 Telekom security team detected the malware only a month after the attack; however, eliminating it turned out to be much more difficult than originally thought. From December 2019 to May 2020, specialists fought with the malware operators, trying to remove all their disguised backdoor components and drive the attackers out of the company’s network.
The malicious software infected only computers in the office network, and not the entire IT system, which consists of more than 15 thousand workstations, 12 thousand servers and thousands of applications. The attackers allegedly controlled the malware manually in order to spread the infection to other systems on the company's network. The criminals managed to hack some databases and even run database queries in order to examine the company's internal network.
As A1 Telekom representatives noted, despite a rather lengthy fight against malware that lasted more than six months, the attacker was unable to steal any confidential customer data. The company reset passwords for the accounts of all its 8 thousand employees and changed passwords and access keys for all servers.
According to the blogger, the cyber attack was carried out by the cybercriminal group Gallium, specializing in hacking telecommunication providers around the world.