The Electronic Security Service (ESS) has investigated a phishing-based cyberattack attempt targeting the telecommunications sector, the ESS told APA-Economics.
The investigation revealed that the attack scenario was carried out through a multi-stage loading chain, using malicious software known as “GuLoader” and “Remcos RAT.”
Attackers sent emails to users with subjects related to contracts and payments, encouraging them to open malicious attachments. The malware became persistent within the system and gained access to certain data, including usernames, operating system details, and system configuration information.
Indicators obtained during the investigation have been added to “misp.cert.az”, the “Incident Information Exchange Platform” actively used by the ESS. Whenever new activity related to the “Remcos RAT” malware is detected, updated indicators will also be incorporated into the system.
For reference, similar attacks involving “GuLoader” and “Remcos” malware have been recorded in the country since October.
The ESS advises organizations and individual users not to open unexpected or unfamiliar email attachments, to keep their systems up to date, and to maintain active antivirus/EDR protection.