Attackers exploit AT&T email accounts to steal crypto assets

May 8, 2023

Cybercriminals are running an ongoing operation that abuses AT&T email accounts to break into crypto exchange accounts and steal cryptocurrency assets. The researchers immediately clarified that email addresses with domain names such as bellsouth[.]net, att[.]net, and sbcglobal[.]net do not suffer any compromise.

Based on reports, the threat actors acquired access to a portion of AT&T’s initial network, enabling them to generate mail keys for every user. Mail keys are unique credentials that AT&T email users use to log into their accounts with email applications, such as Thunderbird or Outlook, and the attackers used them in the same way. Hence, the actors could access an email account without providing a password.

The adversaries could also use an email application to log into any account by acquiring the primary key of their target. Additionally, they could use the primary key to reset passwords or carry out other malicious actions, such as accessing cryptocurrency exchanges.

Threat groups obtained a whole AT&T database.

One of the hackers admitted that the group has access to a whole AT&T employee database, which allowed them to acquire information related to OPUS. The OPUS platform is an AT&T portal for the company’s employees.

A representative from AT&T denied that the hackers had access to the company's internal systems. The representative also explained that their investigation showed no sign of intrusion within those systems. This, however, contrasts with the multiple victims who claim that attacks struck them and that they suffered losses.

One affected individual claimed that the hackers took about $130,000 from their Coinbase account. Another victim revealed that a hacker has been targeting their accounts since November last year.

Other reports claimed that a separate hacking operation had reset AT&T email accounts, which allowed the hackers to earn about $20 million from stolen crypto. The same hackers have also allegedly accessed the internal VPN of AT&T.

The recent cybercriminal activities showed how exposed email accounts could allow hackers to access other services and email keys. The access to primary email keys could also allow an attacker to connect to other services like cryptocurrency accounts.

Experts suggest that AT&T users should update their security protocols to avoid the effects of these campaigns.
