An attack on the messaging service TeleMessage, which is used by some officials of the Trump administration, has resulted in the leak of details of over 60 government workers, a White House staffer, and members of the Secret Service. The White House acknowledged the cyber security incident but did not provide further comments. TeleMessage servers are reportedly closed while an investigation is carried out.
Source: https://www.theregister.com/2025/05/26/security_in_brief/
TPRM report: https://scoringcyber.rankiteo.com/company/telemessage
"id": "tel138052625",
"linkid": "telemessage",
"type": "Breach",
"date": "5/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Over 60 government workers, a '
'White House staffer, and '
'members of the Secret',
'industry': 'Messaging Service',
'name': 'TeleMessage',
'type': 'Company'}],
'attack_vector': 'Unauthorized Access, Malware',
'data_breach': {'type_of_data_compromised': 'Messages, Personal Information'},
'description': 'Infosec In Brief Secrets of the Trump administration may have '
'been exposed after a successful attack on messaging service '
'TeleMessage, which has been used by some officials. Evidence '
'of an attack on administration officials appeared last week '
'on leak site Distributed Denial of Secrets, hosted an archive '
'of messages that included details of over 60 government '
'workers, a White House staffer, and members of the Secret. '
"The White House said that it was 'aware of the cyber security "
"incident' but didn't comment further. TeleMessage servers are "
'reportedly closed while an investigation is carried out. '
'Operation Endgame II takes out malware. Europol had already '
'detailed attempts to take down the Qakbot and Danabot malware '
'groups, and last Friday it announced the disruption of the '
'following five malware crews: Bumblebee, Lactrodectus, '
'Hijackloader, Trickbot, Warmcookie. Operation Endgame II, a '
'combined operation involving police from the EU, UK, US, and '
'Canada, has now led to 20 arrests and 18 suspects have been '
"added to the EU's most wanted list. In addition a total of "
'€21.2 million has been seized.',
'impact': {'data_compromised': 'Messages, Personal Information',
'systems_affected': 'TeleMessage Servers'},
'investigation_status': 'Ongoing',
'motivation': 'Unauthorized Data Access, Financial Gain',
'references': [{'source': 'Reuters'}, {'source': 'Wired'}],
'response': {'containment_measures': 'TeleMessage servers are reportedly '
'closed while an investigation is '
'carried out',
'law_enforcement_notified': 'Yes'},
'threat_actor': ['Unknown',
'Qakbot',
'Danabot',
'Bumblebee',
'Lactrodectus',
'Hijackloader',
'Trickbot',
'Warmcookie'],
'title': 'Cyber Incident Involving TeleMessage and Operation Endgame II',
'type': 'Data Breach, Malware'}