As operators of the communications infrastructure connecting people and businesses around the world, telecommunications companies are an attractive target for cybercriminals, hacktivists, and state-sponsored adversaries.

Below are examples of areas where Flashpoint can help telecommunications companies identify, assess, and respond to relevant threats:


Telecom companies hold a wealth of customer data, intellectual property, and other information of value to threat actors. Insider threats can arise if employees abuse their authorized access to sensitive data or assets. While insider threats can be complex and take various forms, recruitment and planning often takes place on illicit forums, encrypted chat services, or other covert channels. As such, without visibility into these communities, telecom companies may struggle to proactively address insider threats.

Flashpoint combines targeted monitoring of illicit communities with extensive knowledge of the techniques, tactics, and procedures (TTPs) of malicious insiders.

In one instance, Flashpoint discovered the source code of an unreleased software program owned by a multinational telecom provider was being advertised for sale on an illicit underground marketplace. After determining that the source code was being sold by an employee of the telecom provider, Flashpoint worked with the customer to preemptively address the compromise and take necessary actions against the rogue employee.


Despite the telecom industry’s ongoing efforts to prevent malware infections, skilled cybercriminals continue to develop new malware strains capable of bypassing even the most robust security controls. Since new forms of malware are typically developed and distributed among threat actors within illicit online communities before being released in the wild, maintaining visibility into these underground communities is crucial.

Flashpoint’s ongoing monitoring and analysis of emerging malware threats empowers customers with proactive insight into emerging malware and related schemes.

In one instance, Flashpoint uncovered the early-stage development of an unreleased strain of ransomware on an illicit forum. Analysts gleaned critical information about the ransomware, such as its indicators of compromise (IoCs), who was producing it, and where and how its development was taking place. Analysts then determined that the ransomware leveraged RSA-2048 encryption to prevent victims from opening files on their compromised device until the ransom was paid. This information helped customers determine appropriate countermeasures to proactively combat the ransomware before it was released in the wild.


The infrastructure and services provided by telecom companies have come to play a fundamental role in day-to-day business operations and interpersonal communications, making the industry an appealing target for distributed-denial-of-service (DDoS) attacks aiming to maximize disruption. Indeed, any DDoS attack that hinders the capacity, performance, or availability of a telecom network can trigger a domino effect by interrupting the operational continuity of customers’ critical systems and infrastructure that rely on telecom services.

Flashpoint’s visibility into the illicit communities where adversaries congregate and plan DDoS attacks enables telecom companies to proactively address this threat. In one instance, Flashpoint identified the widespread presence of an internet of things (IoT) vulnerability that ultimately gave rise to the Mirai botnet, as well as subsequent large-scale DDoS attacks targeting service providers. Analysts then traced the vulnerability to an upstream supplier contracted by many IoT device manufacturers. Flashpoint immediately alerted customers so they could patch the vulnerability, enforce stricter quality controls on supply chain and technology partners, and mitigate service outages appropriately.


Since telecom companies store high volumes of customers’ personally identifiable information (PII), they are desirable targets for profit-motivated cybercriminals seeking to steal and monetize this data. Without visibility into the illicit communities where criminal schemes are planned and compromised information is advertised and sold, telecom companies may struggle to quickly investigate and respond to security incidents.

Flashpoint’s comprehensive access to illicit forums and marketplaces, encrypted chat services, and other threat-actor channels—as well as its extensive linguistic, social, and cultural expertise—helps organizations proactively identify, investigate, and respond to security incidents.

In one instance, Flashpoint observed a reputable threat actor on an underground marketplace advertising access to a global telecom company’s internal network. After verifying the breach, Flashpoint worked with the customer to identify the source of the compromise and mitigate the exposure.

Did this answer your question?