Kathmandu. Chinese hackers are suspected of breaching a Nepal Telecom server. Chinese cybercriminals have claimed to have compromised the Oracle GlassFish server used by the state-owned telecommunications company and to have stolen call data records (CDRs).
Nepal Telecom, however, maintains that the attackers did not gain access to the CDRs. The attackers reportedly used tactics and backdoor tooling attributed to Advanced Persistent Threat (APT) 41 and Advanced Persistent Threat (APT) 71.
Nepal Telecom Managing Director Dilliram Adhikari claimed that the company's main server was secure. Speaking to TechPana, he said, "It is estimated that the old CDMA server may have been attacked. Our technical team is studying this subject in detail. Our main server is protected by a high-level firewall."
Cybersecurity company Bhairav Technology says the tactics and backdoor tooling seen in the attack are those used by Chinese government-sponsored hackers. On this basis, although direct involvement of Chinese government hackers could not be confirmed, Bhairav Technology's analysis is that the attackers could be contract hackers.
According to the company, the attackers, using the APT 41 and APT 71 tooling, took CDR data from Nepal Telecom's servers. "Confidential documents have been taken before," Vijay Limbu, founder and CEO of Bhairav Technology, told TechPana. "But I'm not sure what was in them."
The attackers first used the web vulnerability scanner Acunetix to probe Nepal Telecom's servers for weaknesses. They then used the Cobalt Strike offensive tool to plant a backdoor on the company's server and steal data.
A backdoor is a mechanism an attacker installs after exploiting a vulnerability so that they can re-enter the system later without having to exploit it again. The cyberattack on the company has been under way since last June. "The plan seems to have been made before then," Limbu said.
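The scanning stage described above leaves a recognisable footprint in web server logs: a burst of requests from one client to many distinct paths, most of them answered with 404, sometimes carrying a scanner-specific marker string. The following Python detector is an added example, not code from TechPana, Bhairav Technology or Nepal Telecom; the log lines are constructed for the example, and the marker string "acunetix" and the thresholds (20 requests, 15 distinct paths, 50% 404s, 60-second window) are assumptions chosen to illustrate the heuristic, not values reported in the article.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format:
# ip ident user [timestamp] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Assumptions for this example: a scanner may leave its product name in the
# User-Agent or in injected test payloads, and a scan shows up as many distinct
# paths with a high 404 share inside a short window.
SCANNER_MARKERS = ("acunetix",)
MIN_REQUESTS = 20
MIN_DISTINCT_PATHS = 15
MAX_WINDOW_SECONDS = 60
NOT_FOUND_SHARE = 0.5


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def detect_scanners(lines):
    """Return {client_ip: [reasons]} for clients whose traffic looks like a vulnerability scan."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in per_ip.items():
        reasons = []
        # Signature check: marker string in User-Agent or request target.
        if any(mk in (r["ua"] + r["path"]).lower() for r in recs for mk in SCANNER_MARKERS):
            reasons.append("scanner marker string in User-Agent or request")
        # Behavioural check: burst of distinct paths, mostly not found.
        if len(recs) >= MIN_REQUESTS:
            span = (max(r["ts"] for r in recs) - min(r["ts"] for r in recs)).total_seconds()
            distinct = len({r["path"].split("?")[0] for r in recs})
            nf_share = sum(r["status"] == 404 for r in recs) / len(recs)
            if span <= MAX_WINDOW_SECONDS and distinct >= MIN_DISTINCT_PATHS and nf_share >= NOT_FOUND_SHARE:
                reasons.append(f"{distinct} distinct paths, {nf_share:.0%} 404s within {span:.0f}s")
        if reasons:
            findings[ip] = reasons
    return findings


def sample_log():
    """Constructed log lines (not real Nepal Telecom data): one scanning client, one normal client."""
    probes = [
        "/admin", "/console", "/management/domain", "/phpmyadmin", "/.git/config",
        "/backup.zip", "/wp-login.php", "/cgi-bin/test.cgi", "/.env", "/config.php",
        "/WEB-INF/web.xml", "/manager/html", "/server-status", "/actuator/env",
        "/admin.php", "/login.jsp", "/old/", "/test/", "/db.sql", "/robots.txt",
        "/api/v1/users", "/upload/", "/.svn/entries",
        "/login?user=acunetix_wvs_security_test",  # injected test payload carrying the marker
    ]
    existing = {"/console", "/robots.txt"}  # the only probed paths that exist on this host
    lines = []
    for i, path in enumerate(probes):
        status = 200 if path.split("?")[0] in existing else 404
        lines.append(f'203.0.113.7 - - [05/Jul/2021:10:15:{i:02d} +0545] "GET {path} HTTP/1.1" '
                     f'{status} 196 "-" "Mozilla/5.0 (compatible; scanner)"')
    for i, path in enumerate(["/", "/news", "/contact"]):
        lines.append(f'198.51.100.4 - - [05/Jul/2021:10:20:{i:02d} +0545] "GET {path} HTTP/1.1" '
                     f'200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"')
    return lines


if __name__ == "__main__":
    for ip, reasons in detect_scanners(sample_log()).items():
        print(ip, "->", "; ".join(reasons))
```

The marker check alone is weak, since a scanner's User-Agent and payload strings are trivially changed; the behavioural check catches the scan regardless of tooling, which is why the two are combined. In practice the thresholds need tuning against the site's normal traffic, and a hit should trigger a review of what the scanned host exposes, which is the patching gap the article goes on to describe.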
It has also been found that the data stolen from the telecom server was put up for sale on the dark web. On June 29, an unidentified person offered Nepal Telecom's CDRs (call data records) for sale for US$250.
The same listing also offers data from telecom companies in the Philippines and Pakistan. The exact extent of the data has not been confirmed. According to cybersecurity researchers, the attack succeeded because the vulnerability was not scanned for and patched in time.
"It's not a zero-day vulnerability," said Limbu, a cybersecurity expert. This shows that Nepal Telecom has no clear process for patching based on vulnerability assessment.