Syniverse, a company whose connectivity services are used by nearly all mobile carriers in the world, said hackers had access to its information technology (IT) and operational technology (OT) systems for years.
Syniverse says it has roughly 1,250 customers across 200 countries, including a vast majority of the world’s mobile carriers, such as AT&T, Verizon, T-Mobile, Vodafone, China Mobile, Airtel, Telefónica, and América Móvil. The company’s services are used to connect the networks of different mobile carriers and enable the transmission of data. Syniverse says it enables billions of transactions, conversations and connections every day.
In a recent filing with the U.S. Securities and Exchange Commissions (SEC), the company admitted discovering a data breach in May 2021. An investigation revealed that an unknown threat actor had access to its OT and IT systems since May 2016.
“The results of the investigation revealed that the unauthorized access began in May 2016. Syniverse’s investigation revealed that the individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (“EDT”) environment was compromised for approximately 235 of its customers,” the company said in its SEC filing.
It added, “Syniverse did not observe any evidence of intent to disrupt its operations or those of its customers and there was no attempt to monetize the unauthorized activity. Syniverse did not experience and does not anticipate that these events will have any material impact on its day-to-day operations or services or its ability to access or process data. Syniverse has maintained, and currently maintains, cyber insurance that it anticipates will cover a substantial portion of its expenditures in investigating and responding to this incident.”
Based on Syniverse’s description of the attack, it sounds like the work of a state-sponsored threat actor. If that is the case, it’s possible that the attackers may have only targeted a relatively small number of individuals, even though they may have had access to the information of millions — possibly billions — of people who use the services of the 235 Syniverse customers that have been confirmed to be impacted.
Vice’s Motherboard was the first to notice the data breach mentioned in the SEC document, which Syniverse filed ahead of becoming a publicly traded company via a merger with M3-Brigade Acquisition II Corp., a special purpose acquisition company.
Syniverse is not sharing additional information about the impact of the incident, but Motherboard learned from a source working for a mobile carrier that — depending on what was being exchanged in the compromised environment — the attacker may have gained access to call records and message data, such as call length and cost, the numbers and location of the caller and receiver, and the content of SMS messages.
Related: T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks
Related: China Slams US Plan to Expel Phone Carriers in Tech Clash
Related: Major U.S. Mobile Carriers Vulnerable to SIM Swapping Attacks
Eduard Kovacs (
) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Tags: Telecoms Giant Syniverse Discloses Years-Long Data Breach https://ift.tt/3a8vzlW