One of the world’s largest telecoms and IT services companies has revealed that attackers may have stolen data from its internal systems, affecting over 600 customers.
NTT Communications provides cloud, network and data center services to some of the world’s biggest companies. Its parent, NTT Group, is ranked in the top 100 of the Fortune Global 500.
The firm claimed in a lengthy statement on Thursday that it detected unauthorized access to its Active Directory (AD) server on May 7, confirming the attack four days later.
Although an English language version of the notice has yet to be published, it appears that hackers first compromised a cloud server (labelled server B by the firm) located in its Singapore data center, before using it as a stepping stone to attack another internal server (server A) and its AD server.
Attackers also jumped from server B to compromise an information management server (server C) used to service NTT's cloud and hosting customers.
It is server C which NTT Communications claimed attackers may have breached to steal data on 621 customers.
The firm said it is taking steps to mitigate the incident and prevent anything similar happening in the future.
Just last week, NTT warned in its annual Global Threat Intelligence Report that the technology sector was the most attacked worldwide in 2019.
It claimed that hackers are increasingly using “multi-function attack tools” and artificial intelligence/machine learning capabilities, as well as automation techniques, to increase their chances of success. Over a fifth (21%) of attacks globally featured some form of vulnerability scanner, it said.
The type of NTT customer data stolen by hackers in May and the techniques used to compromise servers and move laterally inside its network are unclear at this stage.