Starting in early 2023, UNC3944 initiated a complex assault on Global Communications Inc., a leading telecommunications provider. Utilizing advanced social engineering tactics, the attackers exploited help desk personnel by impersonating internal support staff via collaboration platforms. They successfully tricked multiple employees into resetting multi-factor authentication settings, granting the threat actors unauthorized access to internal systems. Once inside, UNC3944 deployed a custom ransomware strain that encrypted critical network infrastructure, halting customer billing processes and service provisioning. Simultaneously, they exfiltrated terabytes of sensitive customer records, including personal identifiers, financial account details, and call metadata. When the company refused initial ransom demands, the group issued public extortion threats and began leaking customer datasets on underground forums. The combined encryption of business-critical systems and exposure of private customer information resulted in significant service outages, regulatory scrutiny, and widespread loss of consumer trust. Global Communications Inc. was forced to allocate substantial resources towards forensic investigations, incident response, and customer remediation efforts, ultimately incurring millions in recovery costs and potential class-action lawsuits. Law enforcement agencies and third-party forensic teams were engaged to contain the breach, and Global Communications deployed enhanced security training and access controls post-incident. The reputational damage led to a temporary spike in customer churn and a noticeable decline in share value.
Source: https://cybersecuritynews.com/unc3944-hackers-evolves-from-sim-swap-to-ransomware/
TPRM report: https://scoringcyber.rankiteo.com/company/globalcommunicationsinc
"id": "glo845050725",
"linkid": "globalcommunicationsinc",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Telecommunications',
                        'name': 'Global Communications Inc.',
                        'type': 'Telecommunications Provider'}],
 'attack_vector': 'Social Engineering',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': 'Terabytes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Identifiers',
                                              'Financial Account Details',
                                              'Call Metadata']},
 'date_detected': 'Early 2023',
 'impact': {'brand_reputation_impact': 'Widespread Loss of Consumer Trust',
            'data_compromised': ['Personal Identifiers',
                                 'Financial Account Details',
                                 'Call Metadata'],
            'downtime': 'Significant Service Outages',
            'financial_loss': 'Millions in recovery costs',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential Class-Action Lawsuits',
            'operational_impact': 'Halted Customer Billing Processes and '
                                  'Service Provisioning',
            'payment_information_risk': 'High',
            'systems_affected': 'Critical Network Infrastructure'},
 'initial_access_broker': {'entry_point': 'Help Desk Personnel'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial Gain and Data Theft',
 'post_incident_analysis': {'corrective_actions': ['Enhanced Security Training',
                                                   'Access Controls'],
                            'root_causes': 'Social Engineering and Human '
                                           'Error'},
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransom_demanded': 'Yes',
                'ransom_paid': 'No',
                'ransomware_strain': 'Custom'},
 'regulatory_compliance': {'legal_actions': 'Potential Class-Action Lawsuits'},
 'response': {'law_enforcement_notified': 'Engaged',
              'recovery_measures': ['Forensic Investigations',
                                    'Enhanced Security Training',
                                    'Access Controls'],
              'third_party_assistance': 'Engaged'},
 'threat_actor': 'UNC3944',
 'title': 'Complex Assault on Global Communications Inc. by UNC3944',
 'type': 'Ransomware and Data Breach',
 'vulnerability_exploited': 'Human (Help Desk Personnel)'}