Red Team Working Group (RTWG)
Presentation
Mission: To elevate the collective cyber resilience of European telecom operators by fostering a trusted and confidential space for Red Team experts to share experiences, tactics, and lessons learned in simulating real-world threats against critical telecom infrastructure.
KEY FOCUS AREAS
- Organizational challenges (management commitment, limited resources, planning & scheduling, governance framework, etc.)
- Discuss and share methodologies
- End-to-end adversary simulations in classic IT and Telecom environments
- Actor emulation like Cyber Crime, Insider Threats, APT in Telecoms
- Partial testing, micro cases, purple teaming
- Exchange ideas on business objectives set, actor types emulated, typical weaknesses identified
- Regulations and compliance: TIBER, DORA
- Organisation of white team, code of conduct and rules of engagement
- Interface to blue team: communication, information sharing
- Industry Trends: tooling, AI-influence, certifications/trainings, etc.
- OpSec for Red Teams
- Technical challenges (infrastructure, custom tooling, vulnerabilities, focus topics, etc.)
- Insights on actual campaigns (case studies, red team operations)
- Discussing and exchanging TTPs (Tactics, Techniques and Procedures)
- Telco Protocol Abuse and Defensive Countermeasures
- 5G Network Exploitation and Attack Surface Expansion
- SIM Swapping, IMSI Catcher Detection and Exploitation Techniques
MEETING TYPE & INFORMATION EXCHANGE
- Physical meeting (1 annually) and webinars for telecom colleagues only
- Minutes not taken, information exchanged under TLP:RED
- Presentations and other materials not shared
- Mattermost Instant Messaging Channel (TLP:RED) established
PARTICIPANT PROFILE (telco-only)
- Offensive security specialists
- Red Team Leader / Operator
- Internal Pentesters
- Purple Team Liaison
Next meetings:
- Webinars in Q3 & Q4 2025 (tbc)
- Physical meeting in Q1 2025 (tbc)
Andrija Višić (av@etis.org) coordinates the activities for this group.