European Telecoms Standards Agency Hacked
French Cybersecurity Agency Called To Support Investigation
The European Telecommunications Standards Institute (ETSI) has announced that hackers stole a database identifying its users, The Record reported on October 2.
ETSI, a nonprofit established in 1988, supports testing and technical standards development for the telecommunications industry. The organization has assisted in the testing and developing of technologies such as GSM, 3G, 4G, and 5G.
In an announcement posted on September 27, the organization explained that it worked closely with the French National Cybersecurity Agency to "investigate and repair" information systems.
“Transparency is at the root of ETSI, in our governance and technical work. We have already proved to be quick to react and adapt to crises, Covid being one of them. The shutdown challenged our working procedures and IT systems and we managed to ensure business continuity for both our staff and our members whilst limiting the risks," said Luis Jorge Romeo, ETSI's Director General, as he was quoted by ETSI's official statement on the breach.
"They were able to keep working without disturbance during that period. For this new crisis, we are very grateful for the knowledge and advice of the experts from the French National Cybersecurity Agency (ANSSI), who have helped us to determine the remedial actions to be taken, and to strengthen the security of our systems,” Romero continued.
ETSI is estimated to have more than 900 member organizations in its network. The organizations range from small to large companies, spread out across industries including research, academia, government and public organizations.
With the help of the French security agency, ETSI stated that it had fixed the vulnerability to its systems.
At the time of this report, it was not clear what the motivation of the zero-day attack was. ETSI had not named a specific threat actor claiming responsibility for the attack.