TE Data

TE Data operates as a major Egyptian telecommunications provider, delivering core services including internet provision and fixed-line telephony to residential and business customers within Egypt. Its position as a significant national ISP and telecom operator places it within the critical infrastructure sector, managing extensive networks that handle substantial volumes of client communications and data traffic. The company's service scope is primarily domestic, serving the Egyptian market with connectivity solutions that form a part of the country's essential digital backbone. As a key player in Egypt's telecom landscape, it inherently possesses a large customer base and network footprint, though specific quantitative metrics regarding subscriber numbers or infrastructure scale are not provided in the available information. Its operations involve the processing and storage of sensitive customer data, including private information and call detail records, which constitutes a valuable target for threat actors seeking intelligence.

The organization's recent history is notably defined by a sophisticated cyber intrusion attributed to the Hezbollah-affiliated threat actor Lebanese Cedar. This campaign, which began in early 2020, exploited unpatched vulnerabilities in the organization's Atlassian and Oracle servers to gain initial access. The attackers deployed persistent web shells such as ASPXSpy and Caterpillar 2, allowing them to infiltrate internal networks and move laterally. The ultimate objective was intelligence gathering, culminating in the exfiltration of sensitive databases containing client call records and private information using the proprietary Explosive RAT malware. Security researchers linked the attack conclusively to Lebanese Cedar based on the exclusive use of this toolset and distinct operational patterns, identifying TE Data among over 250 compromised servers globally during this series. This incident underscores the organization's role as a high-value target for state-aligned espionage campaigns due to its access to telecommunications data, highlighting both the critical nature of its assets and the persistent threat posed by advanced persistent threat groups to the regional telecom sector. The breach illustrates a direct compromise of its core infrastructure and customer data integrity, a significant distinguishing event in its operational timeline.