The breach, detected on February 5, marks the latest in a series of high-profile cyberattacks targeting critical telecommunications infrastructure worldwide.
According to Telecom giant NTT Com, attackers gained unauthorized access to an internal system responsible for managing enterprise service orders a platform critical for provisioning network solutions, IoT deployments, and cloud communications.
The compromised data includes organizational contract identifiers, executive contact details (names, email addresses, phone numbers), physical office locations, and granular service usage metrics.
While the company confirmed the corporate impact, it has not yet disclosed how many individual employee records were exfiltrated, leaving affected organizations uncertain about downstream privacy risks.
Forensic investigators identified a two-stage intrusion pattern. Initial access to the service management system occurred via credential exploitation (MITRE ATT&CK T1078) on February 3, with lateral movement detected toward a secondary network device by February 15.
NTT Com’s security team isolated both systems within hours of detection, but the delayed identification of the second breach suggests potential gaps in network segmentation (NIST SP 800-53 AC-4) and real-time anomaly detection.
The absence of ransomware payloads or public claims by major threat groups complicates attribution.
Cybersecurity analysts speculate the attack may align with nation-state tradecraft focused on intelligence gathering rather than financial extortion.
This hypothesis gains significance given the breach’s proximity to the September 2024 revelations about “Salt Typhoon” (aka RedFoxtrot), a China-nexus advanced persistent threat (APT) group linked to intrusions at U.S. telecom giants.
Salt Typhoon’s documented tactics include exploiting VPN vulnerabilities (CVE-2023-46805) and deploying custom web shells (MITRE ATT&CK T1505.003) to maintain persistence in telecom networks.
Telecommunications firms remain high-value targets due to their role as data custodians for cross-border communications and integration with government networks.
A 2024 Mandiant report notes a 214% year-over-year increase in telecom-focused APT activity, primarily targeting call detail records (CDRs) and SS7/Diameter signaling protocols to enable surveillance or SIM swap attacks.
NTT Com enacted its incident response playbook within 90 minutes of the initial breach detection, according to internal timelines shared with regulators. Measures included:
However, the company faces scrutiny over its 10-day gap in detecting the second compromised device—a lapse cybersecurity experts attribute to insufficient log aggregation and overreliance on perimeter defenses.
Cybersecurity firms advocate immediate adoption of 3GPP’s 5G Security Assurance Specifications (SCAS) to harden network functions virtualization (NFV) environments. Additional priorities include:
As of publication, NTT Com continues working with the Japanese National Center of Incident Readiness and Strategy for Cybersecurity (NISC) to investigate the breach’s full scope.
The company has established a dedicated portal for customer inquiries but has not committed to third-party credit monitoring for affected individuals.
The telecom sector faces an imminent threat as Salt Typhoon and similar organizations increase their attacks on the sector: adapt quickly or risk becoming a permanent gateway for global cyberespionage operations.
Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
The post Telecom Giant NTT Admits Hackers Accessed 18,000 Corporate Customers Data appeared first on Cyber Security News.
2019’s Ready or Not was a breath of fresh air: a simple, savage game of…
The fact that Slay the Spire 2's Early Access debut plays so similarly to the…
In honor and support of Women’s History Month, state Rep. Joanna McClinton, the first woman…
The Live Nation-Ticketmaster trial is back on. Dozens of states are expected to move forward…
Less slop please. | Image: Spotify Spotify Premium users in New Zealand will be the…
MACHESNEY PARK, Ill. (WTVO) — Students in Harlem High School's welding program are learning about…
This website uses cookies.