Massive Airspan Networks leak
Note
The first file was added on 2021-11-18 and the last one on 2022-01-12 so the leakers were sitting on the information for a bit. CISA issued a warning on Airspan Networks Mimosa a week ago.
Original message
Greetings!
Today we want to tell about the Airspan Networks. It's a huge company working in 4G/5G
broadband wireless products and solutions worldwide. They got a lot of very important
companies among their clients and partners, even from the S&P500 list.
However, they still got a lot of mistakes allowing the network breach and further leak
of information. After multiple notifications and attempts to resolve these issues, we
were trying to offer our help in security measures and also avoiding Data leak.
But the situation is that Airspan and their Leader-board with Mr.Eric Stonestrom and
Mr.David Brant at the head, did not attach importance to our warnings.
Maybe they thought only about how save their money, or maybe they thought that nothing
serious can happens even when they allow such a huge leak. And it's really huge Leak,
the IT-department missed the downloading of more than 1TB of sensitive Data, in our
opinion that is a big volume of data, which couldn't be just missed, when the
security services works promptly.
Well, we can't tell the exact reasons, why are the Airspan is so reckless, but we do
know that they are agreed for this leak due to it's inconsistency and disgusting
security policy.
According to our rules, we are publishing the proofs with whole Data volume, for
everyone who is interested. Since this company absolutely doesn't care about the
privacy of their clients/partners/employees and etc., nor at the stage of protecting
their network, neither after the fact of hacking and reports of a possible leak.
Our team demanded a bounty, for the information regarding vulnerabilities and helping
with the security measures, after negotiations we have greatly reduced the amount
but they still refused to compromise.
Airspan values your privacy less than $1 mil. For so much they allowed this leaked.
We believe greedy pays twice and now the Airspan will face multiple penalties and
lawsuits because of data leak.
Here you can find about 1TB of sensitive data downloaded from Airspan network.
Password for archives: Jdfio4589NzxkjspwDF_erio4501Si$ZnsioX
Password for archives in "Bitbuck" folder: 1029384756
http://wxbpssv4hiwlcgt4cxam3cznu4feqgf5pqfibbku3x6dwvtcakdkyeid.onion/AIRSPAN/
Even with all that information on hands the Airspan along with it's affiliated
companies and their Leadership decided to allow this leak instead of a paying some
reward.
Some screenshots provided by Ragnar_Locker on their website follow: 1, 2, 3, 4, 5, 6, 7.
Who
Airspan is a leading 4G/5G RAN hardware and software vendor, as well as a Fixed Wireless network densification solution provider, with an expansive portfolio of indoor and outdoor products. official site
Airspan Networks is an American telecommunications company headquartered in Boca Raton, Florida, developing Radio Access Network technology including the Sprint ‘Magic Box’ and both small cells and macro cells for the Rakuten virtualized network. Wikipedia
Where
Use Tor Browser, of course, and click this link.
What
Well, Ragnar_Locker seems to have exfiltrated everything from Airspan’s internal network.