Thousands of AT&T Customers Attacked by Malware

Brandon McCauley
December 1st, 2021

Today, a new member joins the club that Robinhood, Meta, and Twitch have been a part of for a few months. AT&T, a telecommunications enterprise worth billions of dollars, has left thousands of its customers within the United States at the mercy of a predatory malware attack. At this point, we can’t seem to go a week without a massive data breach.

What Happened This Time?

It was reported on Tuesday that thousands of networking devices belonging to AT&T Internet subscribers were infected with malware that allows them to be used in Distributed Denial-of-Service (DDoS) attacks, as well as in attacks on the internal networks behind them.

The specific device targeted by this malware is the EdgeMarc Enterprise Session Border Controller, an appliance that small and medium-sized companies deploy at the edge of their networks to handle real-time communications such as phone calls and video conferences. What makes it attractive to attackers is that it has both a large amount of bandwidth and access to sensitive information.

In other words, a fleet of infected devices like this is exactly what a DoS or DDoS operator wants: well-connected hosts with plenty of upstream bandwidth.

The Investigation

According to researchers from Qihoo 360, a company based in China, there were roughly 5,700 victims, all of them located within the United States. Among the sensitive information that could potentially be siphoned off, the researchers specifically mention call logs. What is most interesting, however, is that this malware predates the public reporting of this attack against AT&T customers.

In fact, Qihoo 360 has been investigating it since October!

The investigation began on October 27, when they detected an attack against Edgewater Networks’ devices. They later gave the malware the name “EwDoor.” In its first version, EwDoor had six major functions:

  • Self-updating
  • Port scanning
  • File management
  • DDoS attacks
  • Reverse shell
  • Executing arbitrary commands

Since its debut, EwDoor has gone through three updates, adding features such as a BitTorrent tracker used for command-and-control communication and anti-sandbox checks intended to frustrate analysis.
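The capabilities listed above (port scanning, a reverse shell, DDoS floods, and BitTorrent-tracker contact) all leave a footprint in outbound flow logs, because a session border controller normally initiates connections only to a narrow set of ports. The script below is an added example, not code from the original article or from Qihoo 360’s report: it triages per-flow summaries (as a firewall or NetFlow collector would export them) for flows initiated by known SBC addresses and flags behaviour consistent with an infection. The expected-port list, the thresholds, the tracker ports, and the sample flows are all assumptions constructed for the example.

```python
"""Heuristic flow-log triage for a VoIP session border controller (SBC).

Added example, not part of the original article or of Qihoo 360's report.
All port lists, thresholds and sample flows are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str      # host that initiated the flow
    dst: str      # responder
    proto: str    # "tcp" or "udp"
    dport: int    # destination port
    packets: int  # packets sent by src
    seconds: int  # flow duration


# Ports a healthy SBC is expected to *initiate* connections to (assumption:
# SIP signalling, an RTP media range, DNS, NTP and HTTPS for vendor updates).
EXPECTED = {
    "udp": {53, 123, 5060} | set(range(10000, 20001)),
    "tcp": {53, 443, 5060, 5061},
}
TRACKER_PORTS = set(range(6881, 6890)) | {6969}  # common BitTorrent tracker ports (assumed)
SCAN_PORT_THRESHOLD = 10    # distinct dst ports on one host => port scan
FLOOD_PPS_THRESHOLD = 5000  # packets/sec toward one host => flood
SHELL_MIN_SECONDS = 300     # long-lived, low-volume session => interactive shell


def triage(flows, sbc_hosts):
    """Return a sorted list of (rule, src, dst) findings for flows initiated by SBCs."""
    findings = set()

    # Rule 1: port scan = one SBC touching many distinct ports on one host.
    ports_per_pair = defaultdict(set)
    for f in flows:
        if f.src in sbc_hosts:
            ports_per_pair[(f.src, f.dst)].add((f.proto, f.dport))
    scanned = {pair for pair, ports in ports_per_pair.items()
               if len(ports) >= SCAN_PORT_THRESHOLD}
    for src, dst in scanned:
        findings.add(("port-scan", src, dst))

    for f in flows:
        if f.src not in sbc_hosts:
            continue
        pps = f.packets / max(f.seconds, 1)
        if f.dport in TRACKER_PORTS:
            # Rule 2: tracker-style C2 rendezvous on BitTorrent ports.
            findings.add(("bittorrent-tracker", f.src, f.dst))
        elif pps >= FLOOD_PPS_THRESHOLD:
            # Rule 3: packet rate far above anything SIP/RTP would produce.
            findings.add(("flood", f.src, f.dst))
        elif (f.src, f.dst) in scanned:
            continue  # individual scan probes are already covered by rule 1
        elif f.dport not in EXPECTED.get(f.proto, set()):
            # Rule 4: unexpected port; long-lived and quiet looks like a reverse shell.
            rule = ("reverse-shell"
                    if f.seconds >= SHELL_MIN_SECONDS and pps < 1
                    else "unexpected-port")
            findings.add((rule, f.src, f.dst))
    return sorted(findings)


# Constructed sample data: one SBC at 10.1.20.5, one ordinary workstation at 10.1.20.9.
SBC_HOSTS = {"10.1.20.5"}
SAMPLE_FLOWS = [
    Flow("10.1.20.5", "203.0.113.10", "udp", 5060, 800, 60),      # SIP signalling (benign)
    Flow("10.1.20.5", "203.0.113.11", "udp", 14000, 30000, 60),   # RTP media (benign)
    Flow("10.1.20.5", "10.1.1.1", "udp", 53, 4, 1),               # DNS (benign)
    Flow("10.1.20.5", "198.51.100.20", "tcp", 4444, 120, 3600),   # quiet hour-long session
    Flow("10.1.20.5", "198.51.100.30", "tcp", 6969, 10, 2),       # tracker contact
    Flow("10.1.20.5", "192.0.2.50", "udp", 80, 600000, 60),       # 10k pps toward one host
    Flow("10.1.20.9", "198.51.100.20", "tcp", 4444, 120, 3600),   # not an SBC; ignored
] + [
    # twelve single-packet probes to one internal host: a port scan
    Flow("10.1.20.5", "10.1.20.7", "tcp", p, 3, 1)
    for p in (21, 22, 23, 25, 80, 110, 139, 443, 445, 3389, 8080, 8443)
]

if __name__ == "__main__":
    for rule, src, dst in triage(SAMPLE_FLOWS, SBC_HOSTS):
        print(f"{rule:<20} {src} -> {dst}")
```

The rules are deliberately coarse: the point is that a single-purpose appliance has a small, predictable outbound profile, so almost any deviation from it is worth a look. Tune the expected-port set to the SIP trunk and media ranges actually in use before running this against real exports.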

Cause for Concern?

As of right now, there doesn’t seem to be much reason for most readers to be concerned.

Unless you run this specific appliance in a small- or medium-sized business, your own network is not directly exposed, although infected devices can still be turned against other targets. Even then, AT&T says there is no reason to be concerned. A spokesperson for the company said that they have “taken steps to mitigate [the infection]” and “have no evidence that customer data was accessed.”
