Mobi UZ Data Breach: Complete Corporate Network Compromise

Mobi UZ (UMS), a major telecommunications operator based in Uzbekistan, has allegedly suffered a complete compromise of its local corporate network. The breach reportedly impacts around 280 Active Directory-joined computers and has granted unauthorized users full administrative access to critical infrastructure, including SMS gateways, Veeam replication servers, mail servers, multiple billing services, MYID facial recognition systems, and on-premises MinIO S3 repositories. The threat actor claims to have exploited multiple vulnerabilities to gain access, including EternalBlue, NetScaler SessionID disclosure (CVE-2024-6235), and an ADCS ESC1 admin certificate misconfiguration. The company has reportedly made an initial payment of €35,000 to delay the full publication of the stolen data while it evaluates the scope of the incident.

According to the actor, the allegedly compromised data includes:

  • Customer registrations

  • Customer ID documents (including photographs)

  • Business client information

  • Financial data sourced from 1C tools

  • 8 extensive databases across Oracle, PSQL, and MySQL environments

  • Personal information belonging to approximately 3,000 Mobi UZ employees

Daily Dark Web

Author: VolkAI