Access to Tata Communications servers sold after breach, hackers claim

After Facebook and Mobikwik, hackers claim to have gained access to another major tech giant in India. According to two posts on a hackers’ forum, they have gained access to Tata Communications servers. In the posts, the hackers are offering backdoor entry to the servers to anyone willing to pay $9000.

Access to servers sold, claimed hackers

In a March 15 post, the hackers claimed that they have got access to the servers of Tata Communications. They were offering access for $18,000 in the form of Bitcoins. The buyer would get:

  • Access partners
  • Access to the internal network
  • Access to the webserver
  • Access to DB’s
  • +30 Billion billable transactions
  • Access to all SMS and telecom servers
March 15 post by hacker

The hackers offered a discount if needed. By March 11, the hackers had dropped the price substantially and were asking for $9,000 in Bitcoins. However, when we tried contacting the hackers, they claimed that the access to Tata servers had been sold. When we asked whether the person who got access to the servers could access them remotely, the hacker said the servers are behind firewalls and the buyer did not buy a bypass from them. However, with the information they have, they can use Web Shell access to gain persistent access to the company’s databases.

What exactly is Web Shell access?

A Web Shell is a malicious script that threat actors use to escalate and maintain continuous access to an already compromised web application or server. Note that a Web Shell cannot attack or exploit remote vulnerabilities on its own; it is the second step of an attack.

In this case, the threat actors would use the vulnerabilities existing on the Tata Communications servers, which they learnt about from the data bought from the hacker. Using the vulnerabilities, they can initiate a social engineering attack to attain file upload capabilities and transfer malicious files or Web Shells. Common Web Shell functionalities include, but are not limited to, shell command execution, database enumeration, code execution and file management.
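As an added example (not part of the original report), this is one way defenders triage web server access logs for the Web Shell behaviour described above: a script served from an upload directory, or a script that only ever receives POST requests with no referrer from very few clients. The log lines, paths, upload directory names and threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (not data from the article).
SAMPLE_LOG = """\
198.51.100.10 - - [01/Jan/2024:09:00:01 +0000] "GET /login.php HTTP/1.1" 200 2310 "https://portal.example/" "Mozilla/5.0"
198.51.100.10 - - [01/Jan/2024:09:00:09 +0000] "POST /login.php HTTP/1.1" 200 512 "https://portal.example/login.php" "Mozilla/5.0"
198.51.100.22 - - [01/Jan/2024:09:02:40 +0000] "GET /uploads/photo.jpg HTTP/1.1" 200 48213 "https://portal.example/profile.php" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:09:14:02 +0000] "POST /uploads/img_2021.php HTTP/1.1" 200 97 "-" "python-requests/2.25"
203.0.113.7 - - [01/Jan/2024:09:14:30 +0000] "POST /uploads/img_2021.php HTTP/1.1" 200 4410 "-" "python-requests/2.25"
203.0.113.7 - - [01/Jan/2024:09:20:11 +0000] "POST /includes/cfg.php HTTP/1.1" 200 130 "-" "python-requests/2.25"
198.51.100.31 - - [01/Jan/2024:09:21:00 +0000] "POST /admin/report.php HTTP/1.1" 200 900 "https://portal.example/admin/" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
SCRIPT_EXT = (".php", ".jsp", ".jspx", ".asp", ".aspx")
UPLOAD_DIRS = ("/uploads/", "/images/", "/tmp/")  # assumed user-writable paths

def find_webshell_candidates(log_text, max_clients=2):
    """Return (path, client_ips, reasons) for script paths worth inspecting."""
    stats = defaultdict(lambda: {"ips": set(), "hits": 0, "posts": 0, "referred": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "200":
            continue  # only requests the server actually served
        path = m["uri"].split("?", 1)[0].lower()
        if not path.endswith(SCRIPT_EXT):
            continue  # static files cannot execute commands
        s = stats[path]
        s["ips"].add(m["ip"])
        s["hits"] += 1
        s["posts"] += m["method"] == "POST"
        s["referred"] += m["referer"] not in ("", "-")
    findings = []
    for path, s in stats.items():
        reasons = []
        if any(d in path for d in UPLOAD_DIRS):
            reasons.append("script executed from upload directory")
        if s["posts"] == s["hits"] and s["referred"] == 0 and len(s["ips"]) <= max_clients:
            reasons.append("POST-only, no referrer, few clients")
        if reasons:
            findings.append((path, sorted(s["ips"]), reasons))
    return sorted(findings)

if __name__ == "__main__":
    for path, ips, reasons in find_webshell_candidates(SAMPLE_LOG):
        print(path, ips, "; ".join(reasons))
```

These are triage heuristics only: the referrer and user agent are client-controlled, so a flagged path should be confirmed by inspecting the file on disk and its creation time.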

Databases worth 50 GB up for sale

According to the second post by the hackers, they are willing to sell a 50GB database of Tata Communications. They might have gained access using the vulnerabilities they talked about in the previous post. The hackers alleged that the database contains:

  1. Customers details: username – password (plaintext) – servers information – servers logs – phone numbers, etc.: If the hackers are to be believed, this will provide the buyer access to the server credentials of Tata Communications’ customers.
  2. CRM and Organizational automation DB’s: The Customer Relationship Management (CRM) and Organizational automation database contains information about the sales that the company has made over time and information about its customers. Such a system helps the company track and manage the engagement between customers and the responsible teams at the company. This system is used for both existing and prospective customers. If someone gets access to this information, it can be used to get detailed information about the contracts between the company and the customer. In the wrong hands, it can potentially cause financial losses to the company.
  3. Employees Emails Backup: This is the most dangerous set of information that the hacker has offered in the database. A backup of employees’ emails can provide a lot of information about the company’s processes, customer details, projects the company is working on, in-house trade secrets and much more. It is still unclear how much information is available to the hackers. Another point to keep in mind here is that the access to the servers has already been sold. If the hackers have provided correct information, someone might have already started accessing the databases using the vulnerabilities exploited by the hackers.
  4. Servers access information (usernames – passwords (plaintext) – IP): The hackers claim that they are providing passwords in plaintext format. That means they have already been dehashed. In this case, if the information is correct, anyone who has access to this database will be able to access different servers and exploit the data available on the said servers.
  5. Admin panels information (usernames – passwords (plaintext) – URLs): Using this information, the buyer of the database can access admin panels at Tata Communications, making the trade information vulnerable to leaks.
  6. Internal networks Maps and diagrams
  7. Employees Maps
March 26 post by hacker

The sample data

OpIndia got access to the sample of the database. There were a total of eight files and one folder in the sample data. In the folder, there were some invoices dating back to 2016-17. These invoices were issued by one of Tata Communications’ business partners, the telecom giant Etisalat. Both companies had signed an MoU in 2013 to build multi-service regional network infrastructure in the UAE.

sample invoice (screenshots from sample data)

In a file titled Tel-data-2021, details of Tata Communications clients’ network usage were found. The majority of the clients mentioned in this list were from Saudi Arabia.

Client information from Saudi Arabia (screenshots from sample data)

Another file shared by the hacker had usernames, passwords in text format (possibly dehashed) and email addresses and other details of one of Tata Communications clients that is a Cloud Communication Platform provider. Notably, one of the users had his phone number as the password. When we reverse checked the number, it turned out to be registered to the same name, which weighs in for the authenticity of the data.

Username and password of a client of Tata Communications (screenshots from sample data)

The hacker also shared a sample of SMS servers of Tata Communications. It has to be noted that the services of Tata Communications are used by several companies, including banks, institutes, government organizations and more. In this particular file, we were able to check the numbers of the users and what messages they exchanged. The messages ranged from October 2020 to March 2020. Please note that this was only a sample, and the hackers have claimed to have access to the latest data dump.

SMS server sample (screenshots from sample data)

Another database potentially has information about internal invoices.

Accounts information sample including invoice details (screenshots from sample data)

There is still a lot of information in the sample data dump that we believe should not be shared anywhere. The screenshots included in this report are not even 0.1% of the data the hackers provided in the data sample.

Tata Communications is yet to comment

We have contacted the Chief Technology Officer at Tata Telecommunications via email and are waiting for their reply. Once they provide us with any information about the alleged leak/breach, we will update the story.


NEWS

Dehradun-Mussoorie Ropeway To Come Up Soon – Centre Approves Transfer Of ITBP Land To Uttarakhand

The Union Cabinet gave its nod to the transfer of Indo-Tibetan Border Police (ITBP) land in Uttarakhand for the development of a ropeway system between Dehradun and Mussoorie.

“The Cabinet chaired by the Prime Minister Shri Narendra Modi, has approved transfer of 1500 square metres of land belonging to Indo-Tibetan Border Police (ITBP) at Mussoorie to the State Government of Uttarakhand for their infrastructure project, namely, ‘Aerial Passenger Ropeway System’ between Dehradun and Mussoorie,” 

The proposed Ropeway is a mono-cable ropeway of 5,580 meters length under Public Private Partnership (PPP) mode between Purkul Gaon, Dehradun and Library Road, Mussoorie being constructed at an estimated cost of Rs 285 crore with a carrying capacity of 1000 persons per hour per direction.

ENTERTAINMENT

(Viral) Here Comes The Party Owl | Internet Trending Meme 2021

The Internet is full of fun, especially when it comes to memes. A recent snappy video of an owl is going viral on the web day by day. An owl who is bored and fed up with lockdown is eager to have fun outside. When he suddenly hears the sound of a party, his reaction is awesome!

Watch the star Owl reaction below and share with your friends:

ENTERTAINMENT

Woman Gives Birth To 9 Babies | Created New World Record

A new world record has been set for the most babies born at one time, with a shocking total of 9.

A Malian woman gave birth to nine babies on Tuesday – two more than doctors had detected inside her crowded womb – joining a small pantheon of mothers of nonuplets.

The pregnancy of Halima Cisse, 25, has fascinated the West African nation and attracted the attention of its leaders. When doctors in March said Cisse needed specialist care, authorities flew her to Morocco, where she gave birth.

“The newborns (five girls and four boys) and the mother are all doing well,” Mali’s health minister, Fanta Siby, said in a statement.

Cisse was expected to give birth to seven babies, according to ultrasounds conducted in Morocco and Mali that missed two of the siblings. All were delivered by cesarean section.

Nonuplets are extremely rare. Medical complications in multiple births of this kind often mean that some of the babies do not reach full term.
