Cyber Incident Victim: Nokia Solutions and Networks US LLC
Date: Jun 2021
Location: United States of America
Summary
A Nokia subsidiary experienced a ransomware attack by the Conti group, leading to system encryption and data theft. The attackers compromised sensitive personal information including names, government IDs, Social Security numbers, health insurance details, and contact data. Following the breach, the company implemented firewall adjustments, VPN disconnections, and enhanced security tools to mitigate further risks. Conti ransomware operators claimed possession of 250GB of stolen files and threatened public release unless a ransom was paid. The incident underscores the persistent threat posed by ransomware groups targeting critical infrastructure sectors.
Description
On June 16, 2021, SAC Wireless, a Chicago-based Nokia subsidiary specializing in cellular network design and deployment for telecom carriers, tower owners, and OEMs, discovered a ransomware attack after Conti operators encrypted its systems. The attackers had already breached the network, exfiltrated approximately 250GB of data, and deployed payloads prior to detection. Forensic analysis confirmed the stolen files contained extensive personal information, including employee and customer names, dates of birth, contact details, government-issued identification numbers, Social Security numbers, health insurance information, and license plate numbers. The Conti ransomware group publicly claimed responsibility for the attack and threatened to leak the stolen data unless a ransom was paid. SAC Wireless immediately initiated containment measures, including firewall rule modifications, VPN disconnections, and deployment of additional security tools to isolate compromised systems and prevent further spread of the ransomware.

The breach impacted SAC Wireless’s operational continuity and exposed sensitive personally identifiable information, creating significant risks of identity theft and financial fraud for affected individuals. The company’s forensic investigation concluded that Conti operators, a group associated with the Wizard Spider cybercrime syndicate known for targeting healthcare and critical infrastructure sectors, executed the attack with precision. SAC Wireless publicly disclosed the incident over two months later on August 23, 2021, following internal reviews. The compromise highlighted vulnerabilities in the supply chain of telecommunications infrastructure providers, particularly those involved in 5G and FirstNet network upgrades. No evidence suggested that the systems of the parent company, Nokia, were compromised, as SAC Wireless operated independently despite full ownership by Nokia. The incident underscored Conti’s continued adaptation in breaching high-value targets to extort payments through the dual threat of data theft and encryption.
