Starting in early 2023, UNC3944 initiated a complex assault on Global Communications Inc., a leading telecommunications provider. Utilizing advanced social engineering tactics, the attackers exploited help desk personnel by impersonating internal support staff via collaboration platforms. They successfully tricked multiple employees into resetting multi-factor authentication settings, granting the threat actors unauthorized access to internal systems. Once inside, UNC3944 deployed a custom ransomware strain that encrypted critical network infrastructure, halting customer billing processes and service provisioning. Simultaneously, they exfiltrated terabytes of sensitive customer records, including personal identifiers, financial account details, and call metadata. When the company refused initial ransom demands, the group issued public extortion threats and began leaking customer datasets on underground forums. The combined encryption of business-critical systems and exposure of private customer information resulted in significant service outages, regulatory scrutiny, and widespread loss of consumer trust. Global Communications Inc. was forced to allocate substantial resources towards forensic investigations, incident response, and customer remediation efforts, ultimately incurring millions in recovery costs and potential class-action lawsuits. Law enforcement agencies and third-party forensic teams were engaged to contain the breach, and Global Communications deployed enhanced security training and access controls post-incident. The reputational damage led to a temporary spike in customer churn and a noticeable decline in share value.
Source: https://cybersecuritynews.com/unc3944-hackers-evolves-from-sim-swap-to-ransomware/
"id": "glo845050725",
"linkid": "globalcommunicationsinc",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customer data leaks"