AT&T Inc., an American telecommunications company, has reportedly paid hackers around $400k to delete information taken in a hack. According to experts, the hacker provided a Bitcoin wallet address, and one transaction in mid-May fits with an extortion payment. A person familiar with the hacker confirmed that AT&T paid and told Bloomberg that they were unsure whether payments were made directly by the carrier or through a third party, which remains to be discovered.
An AT&T spokesperson did not comment on the issue of the telecom giant paying a ransom in an effort to silence the incident. The hack included call and text records for almost all its customers. Experts observed that the leaked data included location data, which may constitute a national security threat. Additionally, the sum paid was on the lower side compared to other high-profile extortion cases in recent months.
The cyberattack is part of a series tied to Snowflake Inc., a data analysis software provider grappling with the aftermath of reputational harm. The hacker shared a video lasting approximately seven minutes depicting the purported deletion of data to confirm compliance with their demands. They also claimed that multiple individuals were involved in the breach, making it challenging to verify the video’s authenticity or identify other perpetrators. The hacker gave Bloomberg a payment log, which Chainalysis Inc. analyzed and compared with Bitcoin’s blockchain data.
The payment, around $380,000 worth of Bitcoin, was transferred to a digital wallet specified by the extortionist hacker and termed “an illicit payoff.” A smaller sum of money was sent to another hacker’s wallet. Chainalysis experts were uncertain if the initial BTC payment originated from AT&T. Nevertheless, the transaction occurred while AT&T seemingly worked with federal authorities to prevent the attack details from being disclosed in deference to national security and other law and order concerns.
The Justice Department agreed, but AT&T delayed the disclosures for another two weeks until May 9 and June 5. The payment was less than what has been paid recently for similar breaches. Last year, for example, Colonial Pipeline Co. paid $4.4 million in May, and UnitedHealth Group Inc., after attackers struck its subsidiary Change Healthcare earlier this month, forked over $22 million.
For some corporations, like AT&T, $380,000 is “almost nothing,” said Jon DiMaggio, chief security strategist at Analyst1. That might be because the hackers needed to infiltrate financial reports in scenarios where they could. The hacker mentioned that they didn’t think the text and call logs were of any value and did not know who would pay to buy them. A Snowflake representative also said that the AT&T records breach was connected with an already disclosed security incident last month, in which hackers used stolen login data to access as many as 165 customer accounts.