Thousands of AT&T Subscribers Infected With Data-Pilfering Malware, Researchers Say

A new report from a Chinese cybersecurity company claims that unpatched vulnerabilities in networking devices have allowed a noxious worm to reach thousands of AT&T customers in the U.S. A back door is a piece of software that could allow an attacker to penetrate networks, steal data, and carry out other activities.

Researchers with the security firm discovered the infections and found that they had targeted at least 5,700 AT&T subscribers. Botnets are networks of devices that can be controlled by one centralized party and are often used to conduct cyberattacks or engage in other criminal activity.

A bug that was originally discovered in 2017 appears to have allowed the malware in question to seep into users' enterprise network edge devices. Businesses that use edge devices to connect their networks to the internet are a common target for cyberattacks.

EdgeMarc enterprise session border controllers are used by smaller and mid-sized businesses to manage and secure internal communications, like voice and video calls.

The controllers were compromised by a bug that was patched way back in 2018, Ars Technica reports. If users never patched the security flaw, they would have left themselves open to a lot of trouble.

According to researchers from the company, the software in question can enable a wide range of attacks, such as port scanning, file management, and the execution of arbitrary commands. Data theft and the disruption of services would both be possible.

There is a question as to how many devices have been affected. It is not clear if AT&T or the manufacturer of EdgeMarc ever disclosed the vulnerability to users. The researchers initially observed 5,700 devices, but the size of the infection could be much larger.

"All 5.7k active victims that we saw during the short time window were located in the US," the researchers said. The number of devices using the same certificate is 100,000. They said that they were not sure how many devices would be affected, but that the impact could be real.

Jim Greer, AT&T's spokesman, provided Gizmodo with a statement.

We have taken steps to mitigate the issue and continue to investigate. There is no evidence that customer data was accessed.

If you are worried about this, it might be a good idea to look at the indicators of compromise on the researchers' page. We reached out to Ribbon Communications and will update this story if they reply.