Cyber Incident Victim: AT&T
Date: Jun 2023
Location: United States of America
Summary
A threat actor on a Russian-language hacker forum advertised the sale of access to AT&T Corporation email accounts for $7,000. The seller claimed the access would have two-factor authentication disabled, potentially exposing sensitive corporate and customer communications. This offer was made alongside a separate listing for access to a military satellite system. The telecommunications firm faced a potential breach of its email infrastructure, which handles a vast amount of confidential information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around June 21, 2023, a hacker operating on a Russian-language cybercrime forum posted an advertisement offering unauthorized access to a military satellite for sale. The satellite was purportedly owned by Maxar Technologies, a prominent US-based space technology company headquartered in Colorado. The company specializes in manufacturing communication, Earth observation, radar, and on-orbit servicing satellites. The access was advertised at a price of $15,000. The seller claimed that buyers gaining this access could acquire sensitive information about US military and strategic positioning, suggesting a significant potential compromise of national security given the crucial role such satellites play in surveillance, communication, and strategic operations. The hacker attempted to lend credibility to the offer by proposing that the transaction go through an escrow service, a trusted third party that holds payment until the buyer confirms delivery. The authenticity of the hacker's claims regarding the satellite access remained unverified at the time of reporting.

In a related post observed on the same forum, the same individual offered access to email accounts within AT&T Corporation. This access was priced at $7,000. The seller specifically claimed that the provided access would have two-factor authentication (2FA) disabled, leaving the targeted email accounts open to takeover and subsequent cyberattacks. AT&T, as a major US telecommunications entity, handles vast quantities of sensitive information, including customer data and internal corporate communications. A breach of these email accounts could have led to the exposure of confidential information and potentially enabled further unauthorized activities, such as targeted phishing campaigns or intellectual property theft. As with the satellite access claim, the credibility and legitimacy of the offer concerning AT&T email access were also unverified.
The public disclosure of these advertisements prompted immediate concern regarding potential security vulnerabilities within the systems of both Maxar Technologies and AT&T. The implications of unauthorized access to a military satellite were described as severe, since the critical infrastructure involved gives such access the potential to compromise national security. The breach of AT&T email accounts carried significant risk of exposing sensitive corporate and customer data. The incident highlighted the ongoing activity on Russian-language hacker forums, where access to critical US cyberinfrastructure and sensitive data is frequently brokered and sold.
The recommended response, as reported, was for the affected companies to take immediate action to investigate the potential security vulnerabilities and address any potential breaches. This necessitated a thorough examination of their systems to determine the validity of the hacker's claims. Furthermore, the report emphasized the need for collaboration between law enforcement agencies, cybersecurity firms, and the implicated corporations to investigate the claims, identify any potential vulnerabilities, and take necessary steps to ensure the security and integrity of their systems and data. The public was advised to remain vigilant and employ strong security measures, though the direct impact on individual customers was not detailed in the initial report.
This incident was noted as part of a broader pattern of malicious activity on such forums. The article referenced previous instances where critical US infrastructure and data were offered for sale, including an incident in March of the same year involving 350 GB of data from the US Marshals Service being sold for $150,000. It also recalled an FBI warning from May 2021 concerning the sale of network credentials and VPN access information from various US colleges that had been obtained through ransomware, spear-phishing, and other cyberattacks. The offering of AT&T email access on a Russian forum fits within this established context of cybercriminals targeting and monetizing access to American organizational assets. The specific methods used to initially gain the purported access to either Maxar's satellite systems or AT&T's email accounts were not disclosed in the available information. The ultimate outcome of any investigations by the companies or law enforcement was not reported at the time.
