Telstra service provider hit by cyber attack as hackers claim SIM card information stolen

Hackers claim they have accessed ‘tens of thousands’ of SIM cards after a Telstra service provider was infiltrated in a massive cyber attack.

Anton Nilsson
NCA NewsWire
MAY 4, 2021 2:11PM
Hackers have claimed they have gained access to “tens of thousands” of SIM cards after a cyber attack against an Australian telecom firm.

The victim, Melbourne-based Schepisi Communications, describes itself as a “platinum partner” of Telstra that supplies phone numbers and cloud storage services on behalf of the telecommunications giant.

The company’s website has been offline for days after a hacker group said it infiltrated the company’s data systems and posted a disturbing ransom note on the dark web.

“We have a large amount of data on mobile devices, tens of thousands of SIM cards … financial information, contracts, banking information,” the ransom note read.

Telstra confirmed there had been a security breach that affected one of its “dealers”.

“We’ve been in contact with the dealer and been told some ‘high level’ Telstra business customer information, such as mobile phone numbers, may have been accessed from its order fulfilment system,” a Telstra spokesman said.

A Telstra service provider was hit in a cyber attack. Picture: NCA NewsWire / Naomi Jellicoe. Source: News Corp Australia

“We are getting more information but don't believe any sensitive personal information was included.

“Our specialist cyber security team are working closely with the dealer to help them resolve the issue.”

The spokesman added that Telstra had strict guidelines for how business partners accessed customer data and said no Telstra systems were breached.

Excerpts of documents posted on the dark web as part of the extortion attempt appeared to show customer phone numbers and addresses.

Among Schepisi’s customers that appeared to have had their information exposed were global food conglomerate Nestle, a Melbourne radio station, an Australian property management firm, and a financial services company based in Victoria.

Part of the ransom note posted by hackers to the dark web. Source: Supplied

An archived version of Schepisi’s website from earlier this year shows the company offers business clients access to and support for Telstra products and services.

That includes helping businesses “migrate” their documents from physical servers onto Telstra’s cloud storage service.

“A Telstra cloud service eliminates the need for businesses to have their own servers because all business data is stored in virtual servers online,” Schepisi’s website read.

The company also offers access to Telstra’s mobile phone plans for businesses.

The hacker group’s ransom note was posted late last week and included a ticking timer that was set to expire this weekend.

The hackers claimed ‘tens of thousands’ of SIM cards were impacted. Picture: NCA NewsWire / Naomi Jellicoe. Source: News Corp Australia

The criminals implored the company to “communicate and co-operate” before then or “valuable company documents” would be leaked.

Brett Callow, threat analyst with the cyber security firm Emsisoft, said the hackers were using a “triple-pronged” mode of attack by stealing data, encrypting that information so that it couldn’t be accessed without the hackers’ help, and shutting down the victim’s website.

“The targets have three problems with which to deal: their data has been stolen, their systems have been locked and they’re under a DDoS attack,” Mr Callow said.

DDoS means “distributed denial of service” and is a way to shut down a website by flooding it with pointless data requests that overwhelm the system.

“Companies in this situation are, unfortunately, without good options,” Mr Callow said.

“They’ve had a data breach and that cannot be undone. Paying the ransom simply gets them a promise that the stolen data will be deleted – and, as that promise is coming from an untrustworthy bad faith actor, it carries very little weight.”

The ransomware used in the attack was the same as the one used against a Victorian high school last week.

After that attack, hackers uploaded excerpts of what they said were stolen documents online, including one that appeared to bear the name of a student.

Victoria’s Department of Education and Training confirmed the school incident, saying “a number of the school’s files” were impacted.

NCA NewsWire contacted Schepisi Communications for comment.