Last week Vodafone Portugal saw a cyberattack bringing down its mobile network. It seems it took quite some effort to bring the network up again. There was next to no debate here on HN which is frankly quite surprising. Does anyone have more information what exactly happened? (https://www.vodafone.pt/press-releases/2022/2/vodafone-portugal-alvo-de-ciberataque.html)
Sounds like their EPC/packet core was compromised pretty seriously.<p>Ars article: <a href="https://arstechnica.com/information-technology/2022/02/vodafone-portugal-struggles-to-restore-service-following-cyberattack/" rel="nofollow">https://arstechnica.com/information-technology/2022/02/vodaf...</a><p>"Vaz said the company hadn't received any ransom demand that would indicate it was hit by a ransomware attack. The CEO also said he had no indications the attackers had accessed subscriber information or other sensitive data."<p>Yet at the same time - "The attack comes a month after the websites of two of Portugal's biggest news outlets—Impresa and later COFINA—were hacked by a ransomware group calling itself Lapsus$."<p>As to why there's been no discussion, it seems like there just isn't much information to discuss at the moment. Vodafone Portugal's in damage-control mode, they don't want to say more than they have to, and what's been said is in Portuguese.<p>OP - are you in Portugal? Desculpe if so! I imagine this is a big deal in-country.
How much of the discussion happened in languages other than Portuguese? This definitely seems like an interesting event but this is the first time I've heard of it. I would definitely encourage sharing more details if anyone has them.
Content translated to English by a robot:<p>Vodafone Portugal target of cyberattack<p>Vodafone was the target of a disruption in its network, which began on the night of February 7, 2022 due to a deliberate and malicious cyberattack in order to cause damage and disturbance. As soon as the first signal of a problem on the network was detected, Vodafone acted immediately to identify and contain the effects and restore the services.<p>This situation is affecting the provision of services based on data networks, namely 4G/5G network, fixed voice services, television, SMS and voice/digital service. We have already recovered mobile voice services and mobile data services are available exclusively on the 3G network almost throughout the country but, unfortunately, the size and severity of the criminal act to which we have been subjected implies for all other services a careful and prolonged recovery work involving multiple national, international teams and external partners. This recovery will happen progressively throughout Tuesday.<p>Although the in-depth investigation of the criminal act to which we have been subjected will last indefinitely and with the involvement of the competent authorities, we have no evidence to date that Customer data has been accessed and/or compromised. Vodafone remains absolutely determined to restore the normality of services in the shortest possible time and deeply regrets the inconvenience caused to our Customers.<p>We have at Vodafone Portugal and the Group an experienced team of cybersecurity professionals who, together with the competent authorities, are conducting an in-depth investigation to understand and overcome the situation. We will update information about the status of service as the situation progresses.
I wonder if we're desensitized too. The TMobile breach in 2021 was upwards of 100 million. Full SSN, date of birth, driver's licenses. It was discussed here but really not much outcry considering the size and quality of the data that was pilfered.<p><a href="https://news.ycombinator.com/item?id=28223747" rel="nofollow">https://news.ycombinator.com/item?id=28223747</a><p>Is there a law in the U.S. requiring telecoms to collect such information? Yet there's no law requiring purge of old customer data, with affected people not having been customers in years.
Let me guess, Vodafone outsourced network management to a cheaper location with underpaid and overworked staff? At the same time blames 'state actor'?
'Debate'? Maybe because nobody around here knows about it. Instead of a weird Ask HN -- you should share the news url to open up the discussion!
Doesn't seem like it'd be a nation-state. They usually try to stay quiet and out of the news so they wouldn't disrupt services.<p>Might be some ransomware operators or malicious parties trying to extort them.
We are approaching a time in which a cyberattack will lead to an NATO Article 5 invocation: <a href="https://news.yahoo.com/russian-hackers-mind-nato-takes-165016031.html" rel="nofollow">https://news.yahoo.com/russian-hackers-mind-nato-takes-16501...</a><p>Hopefully soon. Until there are fatalities for acts of war against a country's infrastructure, they will continue.
Because they shall take cybersecurity seriously. You can always make IT a cost center. But when your data is for sale on darknet is a bit late to wake up. Sorry, i forgot. It is not _your data_. It is your customer's data. And you don't care.