The telecoms standards body targeted by a data theft
The standardization body for telecommunications, ETSI (European Telecommunications Standards Institute), has just been the victim of a data leak, announced the organization in a statement published last week. The non-profit structure, installed in the Sophia-Antipolis technology park (Alpes-Maritimes), has more precisely been the victim of the theft of the list of users of its portal.
As explained by ETSI, attackers would have exploited a vulnerability against its portal, a computer system dedicated to the work of its members. Questioned by The Record, ETSI did not want to specify whether it was a known vulnerability or an undisclosed flaw, a zero-day.
Assistance from the ANSSI
Alerted, the ANSSI, the cyber-firefighter of the state, intervened to assist the organization. “Since the attack and under the guidance of ANSSI experts, ETSI has corrected the vulnerability, undertaken additional security actions and significantly strengthened its IT security procedures”” also specifies the standardization body.
The structure has thus asked users of its online services to change their passwords. A notification has been sent to the Cnil, in accordance with the obligations of the structure. And a complaint has also been filed, the case is now being followed by the specialized section of the Paris Prosecutor’s office, said to ZDNET.fr the jurisdiction.
Unknown motives
The ETSI did not specify whether it believed that it had been the victim of an attack related to espionage or whether it was more simply an attack related first of all to simple cybercrime.
The theft of a list of users could be a first step to enter more widely into the organization’s information system.
But the attackers may also have been looking for precise identifiers.
The organization brings together more than 900 structures, originating from more than sixty countries, to work on new telecommunications standards. This work places it at the “forefront of emerging technologies”, and in particular on security issues, the subject of one of its flagship events, a thematic conference lasting several days in mid-October.