British telecommunications giant BT Group has confirmed a ransomware attack affecting its BT Conferencing business division. The attack, attributed to the Black Basta ransomware group, specifically affected certain servers, prompting the company to shut down some of its servers to contain the breach.
According to BleepingComputer, the incident did not disrupt BT’s wider operations or the live functionality of its BT Conferencing services. BT assured customers and stakeholders that the compromised servers were isolated from its primary systems, ensuring continuity of services.
Black Basta threatens data leak
The Black Basta group, known for its ransomware-as-a-service (RaaS) operations since its emergence in 2022, claimed responsibility for the breach. The group has reportedly uploaded evidence of the compromise on its darknet leak site, including screenshots and file listings. These files reportedly include sensitive employee data, such as personal records and non-disclosure agreements. Black Basta has also threatened to release what they claim are hundreds of gigabytes of data unless their demands are met, with a countdown set for the leak.
BT, which employs over 100,000 staff and provides telecommunications services in 180 countries, is cooperating with regulatory and law enforcement authorities as part of its investigation. “We identified an attempt to compromise our BT Conferencing platform. This incident was restricted to specific elements of the platform, which were rapidly taken offline and isolated,” a company spokesperson stated to BleepingComputer. “The impacted servers do not support live BT Conferencing services, which remain fully operational, and no other BT Group or customer services have been affected,” the spokesperson further said.
Black Basta has established a notorious reputation for targeting high-profile organisations across various sectors, including healthcare and defence. Its victims have included major companies such as Capita, Rheinmetall, ABB, Toronto Public Library, the American Dental Association, Yellow Pages Canada, and Hyundai’s European operations.
According to the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the ransomware group has compromised more than 500 organisations globally, extracting over $100m in ransom payments to date. Black Basta affiliates are reported to have collected ransom payments from over 90 victims up to November 2023.
This latest incident follows a concerning pattern of cyberattacks within the telecommunications industry. Last week, T-Mobile disclosed a highly coordinated cyberattack, which the company believes may be linked to the Chinese state-sponsored hacking group, Salt Typhoon. T-Mobile’s security protocols blocked the attackers before they could breach sensitive customer data, including calls, voicemails, and text messages.
The company’s action contrasts with reports that Salt Typhoon has infiltrated other major US telecoms providers, including AT&T, Lumen Technologies, and Verizon. While T-Mobile managed to thwart the attackers, these incidents underscore the increasing sophistication of cyber threats targeting the telecoms sector globally.