- NTT Communications has been breached by a remote attacker who hacked a server and moved laterally.
- The company realized the hack pretty quickly and managed to contain the damage.
- The affected clients could be high-profile corporations or state agencies, so the data breach was important.
NTT Communications, a subsidiary of NTT, has announced a data breach in which hackers gained access to limited client data. The company’s system administrators detected an unauthorized remote operation on their Active Directory on May 7, 2020. Following an in-depth investigation, NTT’s team confirmed that some information had been leaked to the outside. This confirmation came on May 11, 2020, so admittedly, it took the telecom firm quite a while to publicly disclose the security lapse through an announcement.
The incident was isolated and confined to a specific set of “NTT Com” clients on a single “NTT Com” Japanese platform, and a small number of NTT Ltd. clients who were previously managed by “NTT Com.” NTT can confirm that no client segments in the Enterprise Cloud were breached. The company claims that it has now taken measures to protect its systems and to prevent the recurrence of similar incidents. Moreover, it has clarified that no individual client data was stored on the compromised servers, so the exposed companies’ customers haven’t been affected by the event. The companies have now been moved to new servers where additional security measures, such as better control of communication routes, apply.
The following diagram shows how the actors took over the Singapore-based server and then used it as a stepping stone to remotely access other systems in the NTT network. While the breach on the production server was without a doubt serious, NTT managed to cut off the intruder relatively quickly, so the breach was kept to a manageable extent.
NTT says the cause of the security breach was a migration project that was not done properly, which left the door open for the attacker. The firm assures its customers that it has a complete understanding of what it did wrong during the migration process, and now knows how to avoid the same mistakes when dealing with similar projects. Of course, it also promises to disclose more details when its internal investigation is concluded. Finally, for reasons of confidentiality, NTT hasn’t named which of its clients were compromised. NTT Com is conducting ongoing forensic research, as well as upgrading security measures to provide additional assurances on these platforms. NTT Com will further strengthen monitoring systems to prevent a recurrence of such incidents and continue investigations on internal servers to improve service quality even more.