Mobi UZ (UMS), a major Uzbek telecom operator, reportedly suffered a full compromise of its local corporate network affecting roughly 280 Active Directory-joined machines and granting attackers administrative control over critical systems such as SMS gateways, Veeam replication servers, mail systems, billing services, MYID facial recognition, and on-premises Minio S3 repositories. The threat actor claims to have exploited EternalBlue (MS17-010), a NetScaler SessionID disclosure (CVE-2024-6235), and an ADCS ESC1 template misconfiguration (enrollee-supplied subject) to obtain an administrative certificate, then exfiltrated customer registrations, ID documents with photos, business and financial records, eight databases, and personal data of about 3,000 employees. Mobi UZ reportedly paid an initial €35,000 to delay publication. #MobiUZ #EternalBlue #NetScaler #ADCS #Minio
Key points
- Attackers claim complete compromise of Mobi UZ's local corporate network and Active Directory environment (~280 machines).
- Full administrative access allegedly affects SMS gateways, Veeam replication servers, mail servers, billing systems, MYID facial recognition, and Minio S3 repositories.
- Exploits cited include EternalBlue, NetScaler SessionID disclosure (CVE-2024-6235), and an ADCS ESC1 admin certificate misconfiguration.
- Stolen data reportedly includes customer registrations, ID documents with photographs, business client information, financial data from 1C, and eight databases across Oracle, PSQL, and MySQL.
- Mobi UZ reportedly paid an initial €35,000 to delay publication while assessing the scope, with about 3,000 employees' personal information affected.
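Of the three vectors the actor names, the ADCS ESC1 misconfiguration is the one most environments can audit in minutes without any third-party tooling. The script below is an added example written for this page, not code from the original report or from Mobi UZ: it queries the AD configuration partition with the RSAT ActiveDirectory module and lists published certificate templates that meet the ESC1 conditions (enrollee supplies the subject, no manager approval, no authorized signatures, an authentication-capable EKU, and enrollment rights held by a low-privileged principal). The set of "low-privileged" SIDs is an assumption and should be extended with any broad groups in your own domain.

```powershell
# Added example (not from the original report or Mobi UZ): enumerate published
# ADCS templates that satisfy the ESC1 conditions, using only LDAP via the RSAT
# ActiveDirectory module. Assumption: run from a domain-joined host as a domain
# user; the low-privileged principal list below is illustrative.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

# A template is only reachable if some enrollment CA actually publishes it.
$published = Get-ADObject -SearchBase "CN=Enrollment Services,$pkiBase" `
    -LDAPFilter '(objectClass=pKIEnrollmentService)' -Properties certificateTemplates |
    ForEach-Object { $_.certificateTemplates } | Sort-Object -Unique

# EKUs that let the issued certificate authenticate as whatever subject was supplied.
$authEkus = @(
    '1.3.6.1.5.5.7.3.2',       # Client Authentication
    '1.3.6.1.4.1.311.20.2.2',  # Smart Card Logon
    '1.3.6.1.5.2.3.4',         # PKINIT Client Authentication
    '2.5.29.37.0'              # Any Purpose
)

# Principals that should never hold enrollment rights on such a template
# (assumed list: Everyone, Authenticated Users, BUILTIN\Users, Domain Users).
$domainSid   = (Get-ADDomain).DomainSID.Value
$lowPrivSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', "$domainSid-513")

$CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x1   # bit in msPKI-Certificate-Name-Flag
$CT_FLAG_PEND_ALL_REQUESTS         = 0x2   # bit in msPKI-Enrollment-Flag (manager approval)
$enrollRightGuid = [Guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'  # Certificate-Enrollment right
$genericAll      = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$extendedRight   = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

$templates = Get-ADObject -SearchBase "CN=Certificate Templates,$pkiBase" `
    -LDAPFilter '(objectClass=pKICertificateTemplate)' `
    -Properties 'msPKI-Certificate-Name-Flag', 'msPKI-Enrollment-Flag',
                'msPKI-RA-Signature', 'pKIExtendedKeyUsage', 'nTSecurityDescriptor'

foreach ($t in $templates) {
    if ($published -notcontains $t.Name) { continue }

    $ekus = @($t.pKIExtendedKeyUsage | Where-Object { $_ })
    $suppliesSubject = ([int]$t.'msPKI-Certificate-Name-Flag' -band $CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) -ne 0
    $noApproval      = ([int]$t.'msPKI-Enrollment-Flag' -band $CT_FLAG_PEND_ALL_REQUESTS) -eq 0
    $noSignatures    = [int]$t.'msPKI-RA-Signature' -eq 0
    $authEku         = [bool]($ekus | Where-Object { $authEkus -contains $_ })

    if (-not ($suppliesSubject -and $noApproval -and $noSignatures -and $authEku)) { continue }

    # Enrollment is granted by the Certificate-Enrollment extended right (or all
    # extended rights, ObjectType = empty GUID) or by GenericAll on the template.
    $weakEnrollers = foreach ($ace in $t.nTSecurityDescriptor.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $grantsEnroll = (($ace.ActiveDirectoryRights -band $genericAll) -eq $genericAll) -or
                        ((($ace.ActiveDirectoryRights -band $extendedRight) -eq $extendedRight) -and
                         ($ace.ObjectType -eq $enrollRightGuid -or $ace.ObjectType -eq [Guid]::Empty))
        if (-not $grantsEnroll) { continue }
        try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { continue }   # unresolvable (orphaned) identity; skip it
        if ($lowPrivSids -contains $sid) { $ace.IdentityReference.Value }
    }

    if ($weakEnrollers) {
        [pscustomobject]@{
            Template     = $t.Name
            AuthEKUs     = ($ekus -join ',')
            EnrollableBy = ($weakEnrollers -join ', ')
        }
    }
}
```

Any template the script prints lets the listed principals request a certificate for an arbitrary subject, including a domain admin's UPN, and then authenticate with it over Kerberos PKINIT or Schannel. The fix is to clear "Supply in the request" on the template (or require manager approval / an enrollment agent signature), restrict enrollment to the group that actually needs it, and, since already-issued certificates stay valid until expiry, review the CA's issued-certificate log for requests on that template with unexpected SANs.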
Read More: https://dailydarkweb.net/mobi-uz-data-breach-complete-corporate-network-compromise/