Summary: An information stealer malware attack compromised the credentials of multiple Telefonica employees, allowing threat actors to access the company’s internal ticketing system and steal sensitive data. The Hellcat ransomware group claimed responsibility for the breach, which involved sophisticated social engineering techniques and custom malware.

Threat Actor: Hellcat Ransomware Group | Hellcat Ransomware Group
Victim: Telefonica | Telefonica

Key Point :

• Attackers used custom infostealer malware to compromise credentials of over 15 employees.
• Stolen data included 24,000 employee emails, 500,000 Jira issue summaries, and 5,000 internal documents.
• Weak password policies and social engineering tactics facilitated the breach.
• 531 employee computers were infected with infostealers last year, exposing corporate credentials.
• Telefonica confirmed the incident but stated that residential customers were not affected.