Summary:
Cybercriminals have compromised a third-party provider linked to Verizon's Push-to-Talk systems, a service used by government agencies, first responders, and enterprises for secure internal communication. This breach, advertised on a Russian-language cybercrime forum, does not impact Verizon's core consumer network but reveals significant vulnerabilities in telecoms' security practices. The compromised data includes administrative access credentials, call logs, emails, and customer contact details. The breach was perpetrated by Cyberphantom and Judische, two known figures in the cybercrime community associated with the "Com," a loose group of young English-speaking cybercriminals who exploit multinational corporations. "Verizon became aware that a third party provider of push to talk services was compromised by a threat actor. After reviewing the incident, we discovered that a narrow set of data elements from a relatively small number of Verizon customers had been exposed," Richard J Young, a spokesperson for Verizon, told 404 Media in a statement.

The attackers have not initiated any extortion attempts against Verizon, instead opting to sell 900 GB of data. This data includes interconnected infrastructure servers, APIs, and admin-level accounts. The hackers priced the breach at $200,000, open for negotiation. While this attack is not state-sponsored, the group operates similarly to more sophisticated threat actors like Scattered Spider, responsible for high-profile breaches like the MGM Resorts incident in 2023. Cyberphantom confirmed to 404 Media that the stolen data specifically came from Verizon's PTT systems, critical to secure mission communications. The group refrained from sharing personal samples such as names or addresses but indicated their involvement with previous breaches of AT&T and other telecoms. Verizon confirmed that no personal or sensitive financial information was exposed in this incident, and they are collaborating with the third-party provider to bolster their security posture.


Security Officer Comments:
This event, although smaller in scale compared to recent breaches, underscores the increasing threat posed by decentralized, youth-driven cybercrime organizations. These groups often overlap with entities like Scattered Spider, which the FBI now ranks as a top-tier cyber threat alongside China and Russia. Verizon's response reflects an ongoing industry-wide challenge in securing third-party services integral to critical communications, and further highlights telecom providers' exposure to both state-sponsored and cybercriminal threats.


Link(s):
https://www.404media.co/hackers-advertise-stolen-verizon-push-to-talk-call-logs/