Nepal Telecom’s Servers Compromised: Call Details Stolen
Chinese hackers were allegedly involved in stealing all the call details of the clients of Nepal Telecom by compromising the Oracle GlassFish server used by the Nepalese company.
Nepal Telecom, also referred to as NTC, is a state-owned telecommunication service provider with over 5400 employees.
Researchers reported that the threat actors gained unauthorized access by making use of 71 Advanced Persistent Threat (APT) strategies while also employing other backdoor tools to remain undetected. The breached CDR data was extracted to APT 41 as well as APT 71 from Nepal Telecom’s servers. Exfiltrated data was also put on sale on the dark web, while the CDR call information was found to be on sale on June 29.
According to local media and NTC spokesperson Rajesh Joshi, the company shut down and halted all server activity as soon as the first indications of the attack came to light, in order to mitigate potential damage and safeguard customer information.
The telecom company did not disclose exactly how much information was stolen as a consequence of Chinese hackers gaining access to the Oracle GlassFish server, but Dilli Ram Adhikari, the Managing Director of NTC, said that the main server was safe, courtesy of an advanced firewall. He also told the media that the company is working with relevant authorities and its specialist team to identify all those behind the attack.
The Nepalese media criticized the supposed safety that Chinese threat actors enjoy from their government, which encourages them to perpetrate these attacks on foreign companies. Other countries have made the same allegation against China, which has swiftly denied it.