Global Telecom Solutions (GTS) experienced a coordinated ransomware and data theft extortion campaign carried out by UNC3944 in early 2023. The adversary targeted help desk personnel with social engineering calls, impersonating internal IT staff to have authentication controls reset and multi-factor protections disabled. Once inside, UNC3944 deployed a double-extortion ransomware payload that encrypted critical systems, including billing platforms, network management consoles, and customer service tools, halting all voice and data services. Simultaneously, they exfiltrated sensitive customer records such as names, addresses, call histories, and SIM card assignment data. The malicious actors demanded a substantial ransom, threatening to release the stolen files publicly and auction them on dark-web forums if payment was not made within the specified timeframe. GTS faced significant operational downtime lasting multiple days, resulting in revenue losses exceeding tens of millions of dollars and widespread customer dissatisfaction. The breach also triggered regulatory investigations and notification obligations, further amplifying legal and compliance costs. Brand reputation suffered irreparable damage as competitors and news outlets highlighted the scale of the incident. GTS invested heavily in incident response, forensic analysis, and remediation measures, yet recovery timelines extended for months due to the complexity of decrypting data and restoring backup integrity.
Source: https://cybersecuritynews.com/unc3944-hackers-evolves-from-sim-swap-to-ransomware/
"id": "glo546050725",
"linkid": "global-telecom-solutions",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"