The largest internet service provider in Austria disclosed a security breach this week, following an informant’s report, after having endured a malware infection that began in November 2019.
A1 Telekom said that its security team identified the malware a month later, but that removing the infection proved trickier than initially expected.
From December 2019 to May 2020, its security team fought the malware’s operators in an effort to remove all of their hidden backdoor components and evict the intruders.
The Austrian ISP told a local blogger that the malware infected only computers on its office network, not its entire IT infrastructure, which comprises more than 15,000 workstations, 12,000 servers, and a large number of applications.
In interviews with the Austrian press [1, 2, 3], A1 said that the complexity of its internal network kept the attacker from moving on to other systems, “because the thousands of databases and their relationships are by no means easy to understand for outsiders.”
The attackers evidently took manual control of the malware and attempted to expand their initial foothold on a few systems to the company’s whole network.
A1 said the attacker managed to compromise a few databases and even ran database queries in order to learn about the company’s internal network.
A1, which has not disclosed the nature of the malware, did not say whether the intruders were a financially motivated cybercrime gang or a nation-state hacking group.
While A1 declined to comment on the informant’s attribution, Christian Haschek, the Austrian blogger and security researcher who originally broke the story, said the informant asserted the hack was carried out by Gallium, a codename used by Microsoft for a Chinese nation-state hacking group that specializes in compromising telecom providers around the world.