Azerbaijan Investigates Phishing Attack Targeting Telecom Sector

Jerusalem, 13 November, 2025 (TPS-IL) -- Baku (AZERTAC) – Azerbaijan’s Electronic Security Service (ESS) is investigating a phishing cyberattack attempt against the telecommunications sector.

The ESS told AZERTAC that the attack scenario was implemented through a staged download chain. Malware called “GuLoader” and “Remcos RAT” were used in the process.

The attackers sent users emails with contract and payment-related messages, encouraging them to open malicious files. The malware remained on the system and gained access to certain information, including usernames, operating systems, and system configurations.

The indicators obtained during the study have also been added to the “Incident Information Exchange Platform” – “misp.cert.az”, which is actively used by the ESS. Indicators on current and potential cyberattacks targeting the country are periodically shared on the platform.

Attempts to attack in the same scenario using malware such as “Guloader” and “Remcos” have been recorded in our country since October.

ESS recommends that organizations and individual users not open unknown and unexpected email attachments, constantly update their systems, and keep antivirus/EDR solutions active.