How telecom providers can use penetration testing to strengthen their defence against advanced persistent threats (APTs)


Telecommunications providers are prime targets for nation-state actors and advanced persistent threats (APTs) due to their central role in national infrastructure and access to vast amounts of sensitive data.

These sophisticated attackers favour stealthy, long-term strategies, enabling them to infiltrate networks, maintain persistence, and quietly extract valuable information over time. The stakes are significant: ranging from cyber espionage and mass surveillance to large-scale service disruption and the compromise of millions of customers’ personal data.

This blog explores how penetration testing provides telecoms with a reliable and controlled approach to assessing their security posture. Through the simulation of genuine attack scenarios, penetration testing enables organisations to detect weaknesses before APT attackers can exploit them.

What is an advanced persistent threat?

Advanced persistent threat attacks, also known as APT attacks, are a type of cyberattack where skilled hackers, often backed by governments or organised groups, break into a network and stay hidden there for a long time.

Unlike regular hackers who want quick money or damage, APT attackers move slowly and carefully. They secretly watch, gather information, and steal data over time without being noticed. They often use custom tools, advanced techniques, and multiple steps to avoid detection, and will persist through different means if something fails, hence the ‘persistent’ in the name.

Why is telecom such a frequent target?

Most major stories we hear about APTs and compromised systems are based in the telecommunications sector. This is because telecoms underpin national infrastructure, allowing people, businesses, and government services to communicate through phone calls, the internet, data transfer, and more. With all of this enormous capability comes vast metadata, a huge attack surface, and a significant number of potential victims to exploit.

It’s also a gateway to other industries and governments. Once a highly skilled threat actor gains initial access to a targeted network, their capacity for damage increases massively. They will seek not only deeper access, but also use advanced persistent attack methods to gain access to other organisations through social engineering tactics and sophisticated techniques.

APT attackers often target critical components of telecom networks, such as routers, switches, and 5G equipment, to gain deep access. They also target signalling protocols like SS7 and Diameter, which help manage calls and messages, to intercept or manipulate communications. Internal IT systems like email, databases, and employee tools are also common targets. These complex attacks make APTs one of the most menacing evolving threats to the telecommunications sector, and must be treated proactively to protect personal data and intellectual property.

Notable APT groups targeting telecom

Two major groups that target telecommunications, and that all businesses should be aware of, are described below. Each has its own unique attack methods for gaining access to your business undetected for an extended period, exploiting sensitive data and intercepting communications for financial gain.

Salt Typhoon

Salt Typhoon refers to a group of Chinese hackers renowned for their major attacks on other nations, most notably the Middle East and the United States. By exploiting software vulnerabilities in victims’ cybersecurity products, such as firewalls, Salt Typhoon maintained long-term access to network traffic to document who was communicating with whom, remaining undetected in American systems for years while harvesting credentials.

Stealthy lateral movement techniques enabled Salt Typhoon to execute massive data theft and credential harvesting by bypassing security measures. U.S. officials and affected companies have yet to determine the full extent, impact, and severity of the attack. Despite months of ongoing efforts, the attackers remain concealed in the compromised systems, and complete removal has not been achieved, highlighting the evasiveness of this covert cyber attack method.

Volt Typhoon

Volt Typhoon is a Chinese state-sponsored APT attack group known for targeting critical infrastructure, including telecommunications, energy, water, and transportation systems, particularly in the United States. Active since at least 2021, the group uses stealthy living-off-the-land techniques, which involve leveraging built-in tools like PowerShell and command-line utilities to maintain access instead of installing malware.

This helps them avoid detection while harvesting credentials, and maintaining long-term access. They also route traffic through compromised home and office routers to hide their activity, making them extremely difficult to trace or remove.

Read more about Volt Typhoon’s methodology and the damage they have caused.

Why penetration testing is essential in the era of APT attacks

Penetration testing is absolutely critical in the era of APT attacks because of the immense harm such attacks can inflict on an organisation’s critical systems. Penetration testing provides an accurate assessment of your network security by simulating real-world attacks under controlled conditions, highlighting vulnerabilities in user accounts, external servers, or web application firewalls before attackers have the opportunity to exploit them.

Pentesting goes beyond simple vulnerability scanning by actively testing whether weaknesses can be exploited and how well an organisation responds to real-world threats such as APT attacks. In telecom environments, pentests can uncover misconfigurations, insecure protocols like unpatched SS7, and poor segmentation between core and outer networks.

Pentests also simulate insider threats to assess internal risks. When pentesting is performed regularly and with a reliable provider, it creates a continuous feedback loop that helps improve overall security posture and resilience against advanced persistent threats targeting telecom infrastructure.

Penetration testing strategies for telecom providers

Specific types of pentesting can provide more relevant and valuable insights for telecommunications providers. These penetration tests simulate attacks on particular aspects of your security infrastructure, incorporating business logic to mimic how APT attackers would move through your network. Below are the most effective types of pentesting to consider:

Infrastructure penetration testing

Infrastructure penetration testing involves simulating attacks on your organisation’s systems, networks, and devices to identify vulnerabilities that malicious attackers could exploit. Within this scope, 5G and IoT vulnerabilities can be identified and tested, providing immensely beneficial insights for telecommunications businesses.

Core network elements, such as switches, routers, DNS, and DHCP servers, can also be tested through a combination of internal and external infrastructure penetration testing, providing further valuable insights to support you in defending against APT attacks.

Application security testing

Application security testing assesses the resilience of your customer portals, mobile apps and, critically, APIs against emerging threats. With increasing reliance on APIs for B2B integrations, the risk of abuse, such as data scraping, credential stuffing or unauthorised access, continues to grow.

Penetration testing helps to identify potential vulnerabilities through the simulation of real-world attacks, securing your telecoms business by empowering you to remediate these issues before APT attackers can exploit them.

Social engineering and insider simulation

Social engineering techniques are a powerful way to assess your organisation’s resilience to human-focused cyber threats. Penetration testers can simulate phishing and pretexting attacks that mimic APT tactics, or test the impact of compromised employee credentials and third-party access. Learn more in our detailed social engineering blog.

Red teaming vs pentesting

Red teaming is like hiring a team of skilled attackers to act as if they were real cybercriminals targeting your organisation. Instead of just checking for weak spots, they try to break in using many different methods, like phishing emails, abusing cloud accounts, bypassing security tools, or even attempting physical access. Their goal isn’t just to “get in” but to see how far they can go (stealing data, disrupting processes, etc.) while staying hidden, just like a real advanced threat. The main value is testing how well your security team can detect, respond to, and recover from a full-scale, realistic attack.

Penetration testing (pentesting), on the other hand, is more like a health check-up. Testers look for specific vulnerabilities (like weak passwords, software bugs, or misconfigurations) within a defined scope, such as an app, a network, or a system. They show how these weaknesses could be exploited, rate the severity, and provide guidance on how to fix them.

  • Red teaming helps improve big-picture defences (like detection processes, incident response, and overall resilience).
  • Pentesting helps fix specific issues and strengthen everyday security hygiene.

Threat-informed testing

Threat-informed testing means choosing what to test based on how real attackers operate.

  • A practical way to do this is to use the MITRE ATT&CK knowledge base to map your test cases to the same tactics, techniques, and procedures (TTPs) that Advanced Persistent Threat (APT) groups use in the wild, so you’re validating controls against the behaviours that matter most.
  • To decide scope and priorities, ingest and correlate threat-intelligence feeds and recent APT reports (e.g., which techniques target companies like yours), then select the matching MITRE ATT&CK techniques as your test checklist.
  • Tools like OnSecurity’s Radar can help here by continuously scanning your external attack surface and aggregating “hacker-powered” threat intelligence (e.g., phishing domains, shadow IT, exposed services), giving you a live view of what adversaries might actually use, so your next test cycle focuses on the most relevant risks.
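As an added example (not code from the original post, OnSecurity, or the Radar product), the script below shows the prioritisation step the list above describes: it takes a handful of constructed threat-intelligence reports, each listing the ATT&CK technique IDs a group was observed using, weights reports about the target sector more heavily, and produces a ranked test checklist. The group names, the reports, and the mapping of techniques to the pentest scopes named in this post are all constructed assumptions for illustration; only the ATT&CK IDs and their names are real.

```python
"""Build a prioritised ATT&CK test checklist from threat-intel reports.

Added example. The reports below are constructed sample data, not real
attribution, and the scope mapping is an assumption for illustration.
"""
from collections import defaultdict

# Constructed sample intelligence: each "report" lists ATT&CK technique IDs
# a placeholder group was observed using, plus the sector it was seen against.
SAMPLE_REPORTS = [
    {"source": "report-A (constructed)", "group": "APT-ONE", "sector": "telecom",
     "techniques": ["T1190", "T1078", "T1003", "T1021.004", "T1090"]},
    {"source": "report-B (constructed)", "group": "APT-TWO", "sector": "telecom",
     "techniques": ["T1059.001", "T1078", "T1090", "T1133"]},
    {"source": "report-C (constructed)", "group": "APT-THREE", "sector": "retail",
     "techniques": ["T1566.001", "T1078", "T1486"]},
]

# Names of the ATT&CK techniques used above (these IDs exist in ATT&CK).
TECHNIQUE_NAMES = {
    "T1190": "Exploit Public-Facing Application",
    "T1078": "Valid Accounts",
    "T1003": "OS Credential Dumping",
    "T1021.004": "Remote Services: SSH",
    "T1090": "Proxy",
    "T1059.001": "Command and Scripting Interpreter: PowerShell",
    "T1133": "External Remote Services",
    "T1566.001": "Phishing: Spearphishing Attachment",
    "T1486": "Data Encrypted for Impact",
}

# Assumed mapping from technique to the pentest scope in this post that would
# exercise it; anything unmapped defaults to infrastructure testing.
SCOPE_FOR_TECHNIQUE = {
    "T1190": "Application security testing",
    "T1566.001": "Social engineering and insider simulation",
    "T1078": "Social engineering and insider simulation",
}
DEFAULT_SCOPE = "Infrastructure penetration testing"


def score_techniques(reports, target_sector):
    """Return {technique_id: score}. A report about the target sector adds 2
    per technique, any other report adds 1, so techniques seen against peers
    rank above techniques only seen elsewhere."""
    scores = defaultdict(int)
    for report in reports:
        weight = 2 if report["sector"] == target_sector else 1
        for technique in set(report["techniques"]):  # count once per report
            scores[technique] += weight
    return dict(scores)


def build_checklist(reports, target_sector, limit=5):
    """Return the top `limit` techniques as rows of
    (id, name, score, sorted group list, pentest scope), ranked by score
    descending and then by ID so the order is stable."""
    scores = score_techniques(reports, target_sector)
    groups_by_technique = defaultdict(set)
    for report in reports:
        for technique in report["techniques"]:
            groups_by_technique[technique].add(report["group"])
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [
        (
            tid,
            TECHNIQUE_NAMES.get(tid, "unknown"),
            score,
            sorted(groups_by_technique[tid]),
            SCOPE_FOR_TECHNIQUE.get(tid, DEFAULT_SCOPE),
        )
        for tid, score in ranked[:limit]
    ]


if __name__ == "__main__":
    for tid, name, score, groups, scope in build_checklist(SAMPLE_REPORTS, "telecom"):
        print(f"{tid:<10} score={score} groups={','.join(groups):<28} "
              f"{name} -> {scope}")
```

With the constructed data, Valid Accounts (T1078) tops the list because all three groups use it, followed by Proxy (T1090), which both telecom-focused groups share. Each row also names the pentest scope from this post that would validate the control, which is the bridge between a threat-intelligence feed and an actual test plan.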

How to prepare for evolving advanced persistent threats

Advanced persistent threats will unfortunately continue to become more complex as hackers utilise emerging technologies, such as AI, to exploit businesses. APT attacks will continue to evolve with advancements in telecom technology, and the introduction of technologies such as 6G and satellite communication will broaden the attack surface for hackers at a more rapid pace than ever before.

That is why it is crucial for organisations to prepare for evolving APTs by using the security measures, tools and teams that can most effectively protect their sensitive data. While AI’s potential to be used maliciously by hackers can seem dire, it’s important to recognise that defensive AI-powered technologies also exist, and will continue to improve alongside threats to help protect businesses from exploitation.

Collaborating with threat intelligence providers is a great way to ensure contextualised, up-to-date testing. OnSecurity’s threat intelligence and web scanner Radar is an excellent addition to any security strategy by providing users with continuous protection from emerging threats with flexible, configurable monitoring and simplified, transparent billing across all your domains and subdomains.

Regular penetration testing is also a fundamental method of proactively defending against evolving threats by providing a comprehensive assessment of your current security posture, giving you actionable insights into areas requiring remediation before hackers have the chance to infiltrate. For simplified pentest management, hosted on a single, user-friendly platform, grab an instant quote from OnSecurity today.
