On April 23 at 01:16 local time (22.04.2021 at 20:16 UTC), one or more unknown persons managed to break into the Telegram account of an employee of the Kun.uz news agency.
The attack came simultaneously from 2 IP addresses: one in Tashkent (IP-184.108.40.206) and the other in Stockholm (IP-220.127.116.11).
Surprisingly, contrary to the mandatory rules of the Telegram messenger, the account owner (a Kun.uz employee) did not receive a confirmation code via SMS on his phone during this process.
The unidentified individuals remained inside the hacked account until 03:35 local time (2 hours 19 minutes). The employee noticed this at dawn, after the number of sessions in Telegram had increased by one, and immediately deleted the unknown user.
The most interesting thing happened after that. Once the redundant sessions had been deleted, the unknown person(s) actively tried several times to access the account. These attempts continued even after the account owner turned on the two-step authentication function; before that, the account was repeatedly hacked without an SMS code being sent to the phone number.
Subsequent attempts were made mainly from a London address (IP-18.104.22.168).
ICT experts know that in today's advanced information age it is not difficult to carry out such cyberattacks by changing IP addresses.
According to IT experts interviewed by Kun.uz, the hackers may have achieved this using an unknown program or one of the most “simple” methods mediated by telecom operators.
So far, Kun.uz has no information on the extent to which the employee’s personal and corporate (internal) information was stolen as a result of the attack.
In this regard, we ask the authorities responsible for the protection of citizens from cyberattacks to provide practical assistance in identifying the person(s) who committed these acts.