Attacks on telecommunications. What they consist of and how to combat them

Attacks on telecommunications jeopardize telephone and internet services, as well as the security of devices belonging to people of interest

100,000 SIM cards and 300 SIM servers distributed across multiple locations: this was the infrastructure of a network prepared to launch attacks on telecommunications in New York.

According to the US Secret Service, which dismantled the network before the UN General Assembly, the malicious actors behind it could use it to carry out attacks on telecommunications, sending up to 30 million SMS messages per minute.

This would have allowed them to collapse New York’s telecommunications networks and mask communications with criminal groups and even terrorists during a particularly critical week, when political leaders from around the world were in the city. However, no direct connection between this criminal infrastructure and the event has been proven.

This news allows us to focus on attacks on telecommunications, which are critical infrastructure for both the productive fabric and society as a whole.

How can attacks on telecommunications be detected and managed? What can telecommunications companies and public authorities do in the face of campaigns often led by persistent threat actors sponsored by states?

Below, we will address some of the key aspects of attacks on telecommunications.

1. Massive fraud campaigns and threats to telecommunications

What the US Secret Service dismantled in New York were SIM farms, technical devices that can hold numerous SIM cards to send messages and make calls on a massive scale.

For years, criminal groups have been utilizing this infrastructure to create fake accounts on digital services, make mass phone calls, and send fraudulent SMS messages to thousands of people simultaneously.

What is their goal? To launch fraud campaigns.

In April of this year, the United Kingdom became the first European country to ban the sale and possession of SIM farms, aiming to stem the tide of digital fraud against its citizens that has been experienced in recent years.

As an example, data provided by Vodafone, a leading telecommunications company in the United Kingdom (and throughout Europe), shows that in the first quarter of 2025, it had blocked 38.5 million fraudulent messages in the country.

One of the threats to telecommunications that both companies and public administrations must take into account is the sending of fraudulent campaigns impersonating legitimate companies to deceive citizens and steal their money.

However, as evidenced by the case with which we opened this article, threats to telecommunications extend beyond fraud campaigns and can jeopardize the functioning of this critical service or affect the security and privacy of individuals of interest.

In fact, the United Kingdom itself has referred to attacks on telecommunications in its recent national security strategy. Thus, the protection of public networks and telecommunications services, as well as the mitigation of security threats associated with high-risk providers, are considered key elements of this strategy.

2. Espionage targeting specific individuals: politicians, executives, researchers, etc.

Within the catalog of attacks on telecommunications, we must pay special attention to a high-caliber threat in a geopolitical context as complex as the current one. We are referring to cyberattacks against telecommunications networks that aim to carry out cyberespionage activities against businesspeople, politicians, and other individuals of interest.

In December of last year, the United States, Canada, Australia, and New Zealand issued a warning about an espionage campaign carried out by a criminal group linked to China that aimed to compromise the security of the telecommunications networks of major companies. Why? To:

  • Steal call logs.
  • Compromise the private communications of people linked to public administrations: politicians, civil servants, etc.
  • Obtain requests for information from law enforcement agencies linked to court orders.
  • Access telephone wiretaps carried out by law enforcement agencies.

In the following months, more details emerged about this campaign, attributed to the Salt Typhoon group, which also affected other countries, including the United Kingdom, Germany, Spain, Italy, the Netherlands, and Japan.

The malicious actors were able to exploit two vulnerabilities present in Cisco device software used by various telecommunications companies, as well as by universities, to access research related to telecommunications and engineering.

Public authorities in the affected countries have indicated that the data obtained through the attacks on telecommunications have enabled Chinese intelligence services to identify and track the communications and location of their targets.

3. Attacks on telecommunications can leave us without a phone line or internet

In the midst of summer, Luxembourg, the smallest state in the European Union, suffered a cyberattack targeting Post, the state-owned telecommunications company. As a result, for four hours, citizens were unable to connect to mobile networks and could not even call 112 in an emergency.

The cyberattack itself did not cause this telecommunications blackout, but the measures implemented to contain it did. Although the incident is still under investigation, the company’s director said it was a sophisticated and technologically complex attack. And authorities have pointed out that the goal of the attack was not to steal data, but to destabilize a critical service in the country.

The incident occurred due to the exploitation of a vulnerability in a standardized component of the company’s infrastructure, resulting in a large-scale failure and jeopardizing service continuity. Some media outlets have reported that the vulnerability was present in the router software of the Chinese company Huawei, although public authorities have not yet made this public.

What happened in Luxembourg highlights the consequences of successful attacks on telecommunications and demonstrates once again that telecommunications companies are critical organizations for the productive fabric and society, and that continuously optimizing their cyber resilience is essential.

In fact, one of the risks posed by the malicious infrastructure dismantled by the US Secret Service was precisely that it could cause the collapse of telecommunications and leave millions of people without access to mobile networks.

Thus, the Secret Service warned that the attacks on telecommunications that could be carried out with the seized infrastructure included the deactivation of mobile phone towers or the execution of denial-of-service attacks.

4. The General Telecommunications Law and the future Cybersecurity Law take attacks on telecommunications very seriously

It is impossible to ignore the fact that telecommunications is a critical and absolutely central sector in all areas of our lives, whether professionally or in business, in our social relationships, and so on.

It should therefore come as no surprise that the General Telecommunications Law imposes the following obligations on companies that manage public networks and communications services:

  • Manage security risks that may affect their networks and services.
  • Ensure an adequate level of security.
  • Take measures to prevent security incidents from affecting users or, at the very least, mitigate the impact of attacks on telecommunications.

In addition, the NIS2 directive and the future Cybersecurity Law that transposes it consider digital infrastructures to be a highly critical sector. This means that companies managing digital infrastructures must implement measures to ensure an adequate level of security, such as conducting periodic risk analyses, managing vulnerabilities and security incidents, or having an incident response plan to ensure business continuity.

In other words, the regulatory framework is becoming increasingly demanding, focusing on the need to prevent, detect, and manage attacks on telecommunications networks to prevent them from being compromised and services from being affected.

The consequences of cyberattacks against critical infrastructure, such as telecommunications networks, are difficult to predict and can impact the entire population and the country’s productive capacity.

5. The importance of cybersecurity and cyber intelligence services in the face of attacks on telecommunications

What can telecommunications companies and public administrations do in the face of attacks on telecommunications?

Given that we are talking about sophisticated, complex, and difficult-to-detect attacks, it is essential to:

  1. Collaborate among the actors involved in combating attacks on telecommunications. In this regard, it is essential to note that law enforcement agencies have divisions specializing in cybercrime, and there are incident management agencies at the national level. In the case of Spain, this is the Cryptographic Center (CCN-CERT).
  2. Commit to a proactive cybersecurity strategy that uses key services to anticipate malicious actors and successfully manage incidents, such as:
    a. Continuous security audits that cover the analysis of a telecommunications company’s entire technological infrastructure to detect suspicious behavior as quickly as possible.
    b. Threat Intelligence. Targeted threat intelligence enables companies to identify the most likely attack scenarios, assess the associated risks, and gain a comprehensive and accurate understanding of threats to telecommunications, allowing them to implement effective prevention measures.
    c. Threat Hunting. Proactively investigating threats to telecommunications allows experts to work with compromise hypotheses and detect malicious operations based on telemetry provided by EDR/XDR technology.
    d. Red Team. Thanks to the knowledge provided by the Threat Intelligence and Threat Hunting teams, Red Team professionals can design scenarios and simulate real attacks to detect weaknesses and increase companies’ level of cyber resilience against telecommunications attacks.
    e. Proactive incident response. It is essential to have an incident response team capable of anticipating hostile actors thanks to prior tasks such as incident simulations, threat analysis, and the development of an incident response plan. In this way, it is possible to act with maximum speed when malicious activity is detected and prevent attacks on telecommunications from causing telephone or internet network outages.

6. Conclusions

In short, threats to telecommunications are real and extremely dangerous, not only for telecommunications companies, but also for the general public and the productive sector.

In a fully digitized and interconnected world, a blackout in telecommunications networks can have serious economic consequences, but it can also cause damage that affects people’s health.

The work of law enforcement agencies in pursuing the criminal groups behind attacks on telecommunications, the strengthening of companies’ security strategies, and the knowledge and expertise of cybersecurity professionals are essential in combating attacks on telecommunications.