© 2025 CoolTechZone - Latest tech news, product reviews, and analyses.

Hudson Rock: ‘Infostealer root cause of data breach Telefónica’


New information has emerged that the data breach at Spanish communications provider Telefónica was facilitated by a combination of infostealer malware and sophisticated social engineering techniques.

Last week, Telefónica confirmed that hackers were successful in breaching its internal ticket system and stealing customer information.

On a popular hacking forum on the dark web, the threat actors claimed to have stolen 236,493 lines of customer data, 469,724 lines of internal ticket data, and over 5,000 internal documents. In total they were able to scrape approximately 2.3 GB of data.

The telecommunications company told the press that the attackers were able to breach the internal ticket system by using compromised employee credentials. Once this came to light, Telefónica performed password resets on impacted accounts to block the threat actors’ access.

Hudson Rock spoke with the hackers responsible for the breach. They told the cybersecurity firm they had used private infostealer malware to obtain the login credentials of over 15 employees, which gave them initial access.

The threat actors first entered via an Atlassian Jira platform. Once inside, they strategically used social engineering to expand their access. “Notably, they targeted two employees with administrative privileges, tricking them into revealing the correct server for brute-forcing SSH access,” Hudson Rock explains.

The hackers told researchers they managed to exfiltrate 24,000 employee emails and names, 500,000 Jira issues and summaries, and 5,000 internal email communications and various documents.

According to Hudson Rock, the breach at Telefónica was imminent. The cybersecurity firm discovered that the computers of 531 employees were infected by infostealers. Each infection led to corporate credentials being stolen from their computers and falling into the hands of hackers.

The affected employees had credentials associated with Active Directory access to Telefónica’s cloud services, intranet logins, and webmail accounts.

An examination of overall employee password strength in Hudson Rock’s cybercrime intelligence database showed that approximately 66% of the passwords were considered weak. In addition, Telefónica had 4,200 instances of infostealer-infected employees who held corporate logins to third-party systems, including Office365, Salesforce, and Fortinet.

Infostealer malware continues to be a primary method of gaining initial access to corporate networks, Hudson Rock concludes.

“These infections provide hackers with the necessary credentials to infiltrate systems and, as demonstrated in this case, can be leveraged to expand access further through sophisticated social engineering tactics. Infostealers serve as a stepping stone for more advanced attacks, making them a significant concern for organizations worldwide,” the cybersecurity firm says.

Hudson Rock therefore recommends that companies invest in enhanced security measures, such as credential management, employee awareness, and robust malware defenses.

