Connect with us

Hi, what are you looking for?

Tech

NCC-CSIRT Urges Adoption of Two-Factor Authentication as Somnia Ransomware Targets Telegram Accounts

In response to the discovery of a new attack that compromises victims’ VPN (Virtual Private Network) accounts to compromise messaging app, Telegram, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has advised users to adopt two-factor authentication to protect their Telegram accounts and to not download unknown Advanced IP Scanner Software.

Ukrainian cyber experts discovered the attack, which uses Vidar Malware (Vidar Stealer) to steal Telegram session data, which in the absence of configured two-factor authentication and a passcode, allows unauthorized access to the victim’s telegram account and corporate account or network.

The malware, which exploits unauthorized access to users’ Telegram accounts and corporate accounts to steal data, targets platforms across iOS, Android, Linux, Mac and Windows Operating Systems.

Read Also:  NCC, WTL, IMBIL, Others to Headline TSSF’s Conference on Mobile Virtual Network Operations in Nigeria

“The Ukrainian CERT alleged that a Somnia Ransomware was created to be used on Telegram that tricks users to download an installer that mimics ‘Advanced IP Scanner’ software, which contains Vidar Malware.

“The installer infects the system with the Vidar stealer, which steals the victim’s Telegram session data to take control of their account.

“The threat actors abuse the victim’s Telegram account in some unspecified manner to steal VPN connection data (authentication and certificates).

“If the VPN account is not protected by two-factor authentication passcode, the hackers use it to gain unauthorized access to the victim’s employer’s corporate network”, the alert and advisory states.

“Once inside, the intruders conduct reconnaissance work using tools like Netscan, Rclone, Anydesk, and Ngrok, to perform various surveillance and remote access activities, and then deploy a Cobalt Strike beacon, exfiltrating data using the Rclone program,” the report stated.

The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large. The CSIRT also works collaboratively with ngCERT, established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

ad

You May Also Like

News

Russia’s Ministry of Health has unveiled a revolutionary development in cancer treatment—a personalized mRNA-based cancer vaccine that will be distributed free of charge beginning...

News

Democratic Republic of Congo’s (DRC) health ministry has identified the previously mysterious illness in the Panzi health zone as a severe form of malaria...

News

Nigerian Communications Commission (NCC) has hosted a virtual stakeholders’ forum to discuss the draft Application-to-Person (A2P) licensing framework. The event, held on December 20,...

News

H.E. Dr. Bello Mohammad Matawalle MON, Honourable Minister of State for Defence, has expressed confidence that the administration of President Bola Ahmed Tinubu GCFR...