Austrian Internet Service Provider “A1 Telekom” Breached by Hackers

  • “A1 Telekom” has had an extensive and lengthy infiltration problem that took them six months to uproot.
  • The ISP admitted the incident after an Austrian blogger published details provided to him by a whistleblower.
  • The source claims that sensitive client data was accessed, but the telco denies it.

One of Austria’s largest internet service providers (ISP), “A1 Telekom,” has been breached by hackers and was compelled to admit it after a whistleblower revealed the incident to a local blogger named Christian Haschek. The person who shared the details with the blogger identified themselves as “Libertas” and told him that they had insider knowledge of the A1 hack and were not the one who carried it out. Allegedly, the breach occurred around December 2019, with the infiltrators managing to break into the company’s corporate network by exploiting a vulnerability in an unspecified Microsoft product.

The ISP’s internal response team was slow to respond effectively, and by the time it managed to stop the breach on May 22, 2020, six months had passed. When the team investigated the internal network and systems, it found multiple web shells spread across a set of different servers, including two highly critical ones. One of the domains handled by these servers was reported to be the management point for the network of a large Austrian company, but A1 has denied that the breach had any effect beyond its office network.

The whistleblower told C. Haschek that the hacker managed to compromise two internal administrator accounts, and even shared with the blogger the passwords that were used by these employees. Apparently, the passwords had remained unchanged since 2013, and quite a few technicians knew them. Some of these people may have left the company in the meantime, but the passwords were still not reset. A1 responded to this allegation by saying that these passwords are indeed valid but old, and that most of them aren’t used anymore.

The source claims that A1 Telekom noticed the breach earlier but allowed the infiltrators to move around in order to figure out who they were. Evidently, the signs pointed to the “Gallium” group, a notorious hacking team that has ties with the Chinese Ministry of State Security. A1 denied having any clues about who the attackers are, as the attackers were using VPN tools to connect to its network. The company also admitted that it learned about the breach in January, which is when it involved external IT security experts.

As for what has been breached, the source stated that the actors accessed the firm’s internal databases and some external client databases. In total, the whistleblower says the hackers had access to 12,000 servers. A1 denies all of that, saying the attackers only had access to an SQL database that doesn’t hold any customer information. Finally, the Austrian ISP claims that although the hackers maintained uninterrupted access to its systems for six months, no sensitive client data was ever accessed or exfiltrated.


