Telefonica has confirmed a breach of its internal systems, with hackers claiming to have stolen over 236,000 lines of customer data. The data was reportedly exfiltrated from a Jira database, with the attackers posting screenshots of the stolen information on a hacking forum. In addition to the customer data, the breach also includes internal ticketing data and more than 5,000 documents in various formats, including PDFs, Word files, and PowerPoint presentations.
According to cybersecurity firm Hudson Rock, the breach was facilitated by infostealer malware, which compromised the credentials of more than 15 Telefonica employees. The attackers used social engineering tactics to expand their access, specifically targeting employees with administrative privileges to gain control over critical servers. This method allowed the hackers to access sensitive operational details, including project plans, internal workflows, and vulnerabilities within the company’s infrastructure.
Wire Tor, an ethical hacking company, identified three of the attackers as members of the Hellcat ransomware group; an estimated 2.3GB of data was stolen. Hudson Rock’s analysis further revealed that 24,000 employee emails and names were exposed, as well as 500,000 Jira issues and summaries. These documents may contain confidential information, presenting a significant risk to Telefonica’s security and operations. The breach has raised concerns about the exploitation of internal weaknesses and the potential for further attacks.
Telefonica has taken steps to block unauthorized access and is currently investigating the breach. The company confirmed that the breach involved strategic targeting and manipulation of its internal systems, with the attackers leveraging multiple techniques to maintain persistence within its infrastructure. Hudson Rock’s findings indicate a pattern of vulnerability, noting that 531 employee computers had been infected with infostealers in 2024 alone, which had led to the theft of corporate credentials. This attack highlights the increasing sophistication of cyber threats targeting large corporations.