
By Byron V. Acohido
It’s only February — and 2021 already is rapidly shaping into the year of supply-chain hacks.
Related: The quickening of cyber warfare
The latest twist: mobile network operator UScellular on Jan. 21 disclosed how cybercriminals broke into its Customer Relationship Management (CRM) platform as a gateway to compromise the cell phones of an undisclosed number of the telecom giant’s customers.
This bad news from UScellular follows similarly troubling disclosures from networking software supplier SolarWinds and from email security vendor Mimecast.
The SolarWinds hack came to light in mid-December and has since become a red hot topic in the global cybersecurity community.
Video: What all companies need to know about the SolarWinds hack
Meanwhile, Mimecast followed its Jan. 12 disclosure of a digital certificate compromise with a Jan. 26 posting confirming that the compromise was at the hands of the same nation-state threat group behind the SolarWinds hack and subsequent attacks on various technology companies and federal government agencies.
And now UScellular admits that it detected its network breach on Jan. 6, some two days after the attackers gained unauthorized access. The intruders got in by tricking UScellular retail store employees into downloading malicious software on store computers.