11 Telecom, satellite, and aerospace firms sensitive data theft
Data Leak
Summary
Sensitive data was stolen from 11 global telecommunications companies, satellite operators, and aerospace equipment manufacturers, escalating espionage risk across telecom and aerospace targets. The theft was tied to Subtle Snail (UNC1549) and included material used for call data records (CDR) collection. The activity unfolded in just a couple of weeks and spanned multiple regions.
Related Happenings
Unnamed organization stolen data published on DLS
Data Leak
First: 06.05.2026 16:00
Last: 06.05.2026 16:00
Sources 1
About this happening:
**Stolen data** from an **unnamed organization** was later posted on a **data leak site (DLS)**, confirming exposure and increasing extortion pressure. The publication followed an...
TELUS Digital hit by network compromise
Incident
First: 12.03.2026 16:40
Last: 12.03.2026 16:40
Sources 1
About this happening:
**TELUS Digital** confirmed a **cybersecurity incident** involving unauthorized access to a limited number of systems, and the company is still determining what was taken. The inc...
Wynn Resorts hit by cyberattack
Incident
First: 24.02.2026 23:51
Last: 24.02.2026 23:51
Sources 1
About this happening:
**Wynn Resorts** confirmed an **employee data breach** after an unauthorized third party stole data from its systems, creating exposure risk for staff records. The company said it...
ShinyHunters Salesforce extortion campaign against global companies in 2025
Campaign
First: 15.01.2026 17:45
Last: 15.01.2026 17:45
Sources 1
About this happening:
The **ShinyHunters** campaign now includes a **Qantas** breach disclosed after the airline found a **June 30, 2025** intrusion in a **third-party platform** used by one customer s...
Subtle Snail LinkedIn phishing espionage campaign against telecom and aerospace targets
Campaign
First: 19.09.2025 16:59
Last: 19.09.2025 16:59
Sources 1
How related:
In a burst of recent attacks observed by researchers at Prodaft, Subtle Snail spread its operations across the Middle East, Europe, and North America.
About this happening:
The **Subtle Snail (UNC1549)** campaign expanded across **the Middle East, Europe, and North America**, using **LinkedIn recruiter lures** and impersonated job openings to target...
Timeline
19.09.2025 16:59 2 articles · 8mo ago
Subtle Snail data theft disclosure
Initial Disclosure
Subtle Snail (UNC1549), an Iran-nexus threat cluster linked to Tortoiseshell, Charming Kitten, and the IRGC, is reported to have stolen highly sensitive data from 11 global telecommunications companies, satellite operators, and aerospace equipment manufacturers across the Middle East, Europe, and North America. The campaign uses LinkedIn recruiter lures, fake job openings, phishing domains impersonating Telespazio or Safran Group, and the MiniBike backdoor for modular DLL-based payload delivery and data theft.
Sources:
- Iranian State APT Blitzes Telcos & Satellite Companies — www.darkreading.com — 19.09.2025 16:59