Supply Chain Attacks Hit Telecom Giant While Attackers Get Creative with DNS Infrastructure

Last week brought a cluster of cybersecurity incidents that highlight how attackers are diversifying their tactics. From a supply chain compromise hitting a major telecom company to threat actors abusing fundamental internet infrastructure, the trends deserve attention.

Ericsson Falls Victim to the Third-Party Problem

The biggest news came from Ericsson US, which disclosed a data breach after attackers compromised one of their service providers. What makes this particularly interesting is that it wasn’t Ericsson’s own defenses that failed – it was their supplier’s.

This is exactly the kind of supply chain attack we’ve been warning about for years. When you’re a company the size of Ericsson, with solid security practices and deep pockets for cybersecurity, direct attacks become much harder. So attackers do what they always do – they find the weakest link. In this case, that was a service provider that had access to employee and customer data.

The details are still sparse, but this incident underscores something we all know and sometimes forget: our security is only as strong as our weakest vendor. It doesn’t matter how bulletproof your own infrastructure is if a third party with privileged access gets compromised. The practical corollary is that vendor access needs the same treatment as your own privileged accounts: scoped to what the engagement actually requires, logged, and reviewed whenever the relationship changes.

Attackers Abuse .arpa Domain for Phishing

On the more technical side, researchers discovered something clever and concerning. Threat actors have started abusing the .arpa top-level domain for phishing attacks. For those unfamiliar with it, .arpa is the internet’s infrastructure domain: it holds the reverse DNS zones (in-addr.arpa and ip6.arpa) and a handful of other protocol-specific names, and it is not meant to host ordinary websites.

What’s particularly sneaky here is the combination of DNS record management with Cloudflare. Ordinary registrars do not sell .arpa names; the reverse zones beneath it are delegated to the holders of IP address blocks, and whoever controls such a delegation can publish arbitrary records under it. Putting Cloudflare in front of those names then hides the real origin server from anyone who investigates. The .arpa domain gives the phishing sites an air of legitimacy that most security tools and users wouldn’t immediately flag as suspicious.

This attack vector shows how creative threat actors are getting with domain abuse. Most security awareness training focuses on obvious red flags like suspicious TLDs or misspelled domains. But .arpa? That looks official, technical, legitimate. It’s the kind of domain that might make even security-conscious users pause and think twice before dismissing it. The useful detection rule, though, is simple: a .arpa name has no business appearing as the host of a URL a user clicks or as the SNI of an outbound TLS connection, so any such sighting deserves an alert.
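As an added example (not code from the original article or from the researchers it cites), the detection rule above turned into a small scanner: it classifies a hostname by its relationship to .arpa, exempts home.arpa (which RFC 8375 reserves for home networks, where routers legitimately serve web UIs), and raises the severity when a reverse-zone name carries a label that cannot be part of real reverse DNS. The proxy log lines, their format, and the severity levels are constructed assumptions for the example, not any vendor’s schema.

```python
"""Flag .arpa hostnames where only a forward, human-facing hostname belongs.

Added example, not from the original article. The .arpa zones hold reverse DNS
(in-addr.arpa, ip6.arpa) and a few protocol names; none of them should be the
host of a URL a user was sent to or the SNI of an outbound TLS session.
The sample proxy log below is constructed for this example; its format and the
severity levels are assumptions, not any vendor's schema.
"""
import re
from urllib.parse import urlsplit

# Reverse-DNS labels: decimal octets under in-addr.arpa, single hex nibbles under ip6.arpa.
_OCTET = re.compile(r"(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])")
_NIBBLE = re.compile(r"[0-9a-f]")


def classify(host: str) -> str:
    """Classify a hostname by how it relates to the .arpa infrastructure domain."""
    h = host.rstrip(".").lower()
    if h != "arpa" and not h.endswith(".arpa"):
        return "not-arpa"
    # RFC 8375 reserves home.arpa for home networks; routers and NAS boxes
    # legitimately serve web UIs there, so it must not trip the alert.
    if h == "home.arpa" or h.endswith(".home.arpa"):
        return "arpa-home"
    labels = h.split(".")
    if h.endswith(".in-addr.arpa"):
        prefix = labels[:-2]
        well_formed = 1 <= len(prefix) <= 4 and all(_OCTET.fullmatch(lab) for lab in prefix)
        return "arpa-reverse" if well_formed else "arpa-reverse-malformed"
    if h.endswith(".ip6.arpa"):
        prefix = labels[:-2]
        well_formed = 1 <= len(prefix) <= 32 and all(_NIBBLE.fullmatch(lab) for lab in prefix)
        return "arpa-reverse" if well_formed else "arpa-reverse-malformed"
    return "arpa-other"


def severity(host: str):
    """Severity for a host seen as a URL host or TLS SNI; None means no alert.

    A reverse-zone name with a non-numeric label (e.g. 'login.4.3.2.in-addr.arpa')
    cannot be real reverse DNS: it exists only because whoever controls that
    delegated reverse zone published it, which is the phishing pattern, so it
    rates high. A well-formed reverse name still has no business serving web
    content, so it rates medium rather than being ignored.
    """
    return {
        "not-arpa": None,
        "arpa-home": None,
        "arpa-reverse": "medium",
        "arpa-reverse-malformed": "high",
        "arpa-other": "medium",
    }[classify(host)]


# Constructed proxy log for the example: "<timestamp> <client> <method> <url> <status>".
SAMPLE_PROXY_LOG = [
    "2025-11-03T10:12:01Z 10.0.4.17 GET https://intranet.example.com/login 200",
    "2025-11-03T10:12:09Z 10.0.4.17 GET https://secure-login.4.3.2.in-addr.arpa/verify 200",
    "2025-11-03T10:13:44Z 10.0.4.22 GET https://9.8.7.6.in-addr.arpa/ 200",
    "2025-11-03T10:14:02Z 10.0.4.22 GET https://portal.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa/ 200",
    "2025-11-03T10:15:30Z 10.0.4.30 GET https://router.home.arpa/ 200",
    "2025-11-03T10:16:11Z 10.0.4.30 GET https://mail.example.com/owa 302",
]

_LINE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def scan_proxy_log(lines):
    """Return one alert dict per log line whose URL host is a suspicious .arpa name."""
    alerts = []
    for line in lines:
        m = _LINE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        host = urlsplit(m["url"]).hostname or ""
        sev = severity(host)
        if sev is None:
            continue
        alerts.append({"ts": m["ts"], "client": m["client"], "host": host,
                       "class": classify(host), "severity": sev})
    return alerts


if __name__ == "__main__":
    for a in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{a['severity']:6} {a['client']:10} {a['host']} ({a['class']})")
```

Run against the constructed log, the scanner raises three alerts: two high (the names with a `secure-login` or `portal` label that no real reverse-DNS entry could carry) and one medium (a well-formed reverse name that nonetheless answered an HTTPS request). The same `severity` function can be applied to the SNI field of a TLS or DNS log; only the line parser changes.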

Chinese APT Shows Persistence in Long-Term Operations

Meanwhile, threat intelligence researchers have been tracking a Chinese-speaking actor that’s been lurking in critical Asian infrastructure for years. What stands out about this campaign is the combination of custom malware, open source tools, and living-off-the-land binaries targeting both Windows and Linux systems.

This is classic APT behavior – low and slow, using a mix of custom and legitimate tools to avoid detection. The fact that they’ve maintained access for years suggests they’re either very good at what they do, or the targeted organizations have significant blind spots in their monitoring capabilities. Probably both.

The cross-platform approach is particularly noteworthy. Many organizations still have better visibility into their Windows environments than their Linux systems, and this threat actor seems to understand that gap well. Closing it means giving Linux hosts the same process, authentication, and command-history telemetry that Windows endpoints already get, rather than treating them as appliances.

UK Takes Action with New Cyber-Fraud Unit

On the defensive side, there’s some good news. The UK launched a new Online Crime Centre specifically designed to tackle cyber-fraud at the source. The unit will combine expertise from multiple agencies to take down the online channels that scammers rely on.

This kind of coordinated response is exactly what we need more of. Cybercrime operates across jurisdictions and organizational boundaries, so our response needs to do the same. Having a dedicated unit that can bring together different types of expertise – technical, legal, intelligence – and actually shut down criminal infrastructure is a step in the right direction.

The Week’s Other Notable Incidents

The weekly security roundup also highlighted several other concerning developments, including a Qualcomm zero-day, iOS exploit chains, and something called “vibe-coded malware” that honestly sounds both terrifying and oddly creative.

What This Means for Us

Looking at these incidents together, a few themes emerge. First, supply chain security isn’t just about software dependencies anymore – it’s about every vendor, service provider, and third party that touches our data. Second, attackers are getting more creative with infrastructure abuse, using legitimate services and domains in ways we might not expect.

The persistence shown by the Chinese APT group also reminds us that detection is just the first step. If you can’t respond quickly and effectively, attackers will establish persistence and maintain access for years.

For those of us in the trenches, this week reinforces the importance of comprehensive monitoring, vendor risk management, and staying current with emerging attack vectors. The threat landscape keeps evolving, and so do we.
