The Nigerian Communications Commission (NCC) has informed the public of the existence of another group of hackers who are planning a series of deadly cyber espionage on the African telecommunications network not just in the country but across Africa.
NCC made available in a press release to Legit.ng revealed that an Iranian hacking group called Lyceum (also known as Hexane, Siamesekitten, or Spirlin) is reportedly targeting telecommunications providers, Internet service providers (ISPs) and foreign ministries (MFA) across the continent.
According to the Commission, the most recent politically motivated cyber-espionage-targeted attack will be carried out by sophisticated malware.
Details on this cyber attack are contained in the latest report from the Nigerian Computer Emergency Response Team (ngCERT), which rated the probability and damage level of the new malware as high.
As contained in the advisory, the group of hackers is known to be focused on infiltrating the networks of telecommunications companies and ISPs.
NYSC transfers massive sums to FG account, presidency reacts
The NCC’s statement read in part:
“According to the attackers’ way of working, Lyceum’s initial attack vectors include credential stuffing and brute force attacks. Once a victim’s system is compromised, the attackers monitor certain targets. In this mode, Lyceum will attempt to deploy two different types of malware: Shark and Milan (collectively known as James).
“Both malware are backdoors. Shark, a 32-bit executable file in C # and .NET, generates a configuration file for Domain Name System (DNS) tunneling or Hypertext Transfer Protocol (HTTP) C2 communication; while Milan – a 32- Bit-Remote Access Trojan (RAT) retrieves data.
“Both are able to communicate with the group’s command and control servers (C2). The APT maintains a C2 server network that connects to the group’s back doors, made up of over 20 domains, including six that were not previously associated with the threat actors.
CBN announces that 488,000 eNaira wallets have been downloaded and 78,000 merchants registered worldwide when transactions hit N60 million
“It has been reported that individual accounts of interesting companies are typically attacked, and once those accounts are cracked, they are used as a springboard for spear phishing attacks against senior executives in an organization. The report suggests that not only are these attackers looking for data from subscribers and third party affiliates, but once compromised, threat actors or their sponsors can also use these industries to monitor interested parties.
“However, to protect against these types of threats, the NCC would like to reiterate the ngCERT reports that telecommunications companies and ISPs need multiple layers of security in addition to constant network monitoring to prevent potential attacks.”
The Commission warned telecom consumers and the general public to follow these security measures:
- Ensure the consistent use of firewalls (software, hardware and cloud firewalls).
- Enable a web application firewall to detect and prevent web application attacks by examining HTTP traffic.
- Install up-to-date antivirus software to detect and prevent a wide variety of malware, trojans, and viruses that APT hackers use to exploit your system.
- Implement the use of intrusion prevention systems to monitor your network.
- Create a secure sandboxing environment where you can open and run untrusted programs or code without harming your operating system.
- Make sure you are using a virtual private network (VPN) to prevent an easy opportunity for APT hackers to gain initial access to your company’s network.
- Activate spam and malware protection for your e-mail applications and inform your employees how to identify potentially malicious e-mails.
Firstbank presents fully automated self-service branch, strengthens digital transformation in Nigeria
No more renewals, NCC is still warning Nigerians against linking their SIM card to NIN
In the meantime, the NCC had severely warned Nigerians not to link their Subscriber Identity Modules (SIM) cards to their National Identity Numbers (NIN) before the deadline on Sunday, October 31st.
According to the Commission, those who have not yet complied will no longer be able to use their lines after the deadline.
NCC issued the warning in a statement following the closing of the second edition of the Telecommunications Consumer City Hall radio program on Wednesday.