Threats - Mahlet

Full-Stack Network Visibility – Remove the Blindfold

Traditional visibility solutions only show you part of the picture. Full-Stack Network Visibility, powered by L1FEguard’s unique Layer 1 capabilities, finally gives you the complete view – from the optical foundation all the way up.

Below are real-world examples of Full-Stack wins that no other solution can compare to.

Performance & Optimization

In late 2024, fiber infrastructure on a critical long-haul route serving two local government sites began experiencing gradual but consistent signal degradation. Traditional monitoring tools showed all parameters still within normal threshold. Operational systems weren’t experiencing any issues…yet…

Wait for failure or save money, time, and lives by detecting it before it happens.

A Full-Stack Visibility solution logged worsening raw optical telemetry and protocol indications over 60 days, enabling proactive repair before a mission-critical outage had the chance to occur.

Previous Next

Ethernet Attack Method - EtherOops

Security researchers discovered an Ethernet attack method, referred to as EtherOops, that can bypass perimeter security devices like firewalls and NATs allowing attackers to penetrate networks from the internet or move laterally between network segments. Taking this same capability one step further, if malicious actors are in a position to inject their own malformed frames into the data stream, they can own your network repeatedly with little effort.

View Article

5 Zero Day Vulnerabilities

Cisco Discovery Protocol weaknesses led to a suite of 5 vulnerabilities (CDPwn) that could devastate networks through a variety of options presented to would-be attackers. Examples include:

Breaking of network segmentation
Data exfiltration of corporate network traffic traversing through an organization’s switches and routers
Gaining access to additional devices by leveraging man-in-the-middle attacks by intercepting and altering traffic on the corporate switch
Data exfiltration of sensitive information such as phone calls from from devices like IP phones and video feeds from IP cameras

View Armis Article and Deepwatch Article

VLAN Hopping

Think VLAN hopping is dead? Hackers would love that. The truth is that unintentional misconfigurations and intentional insider threat activity are the cause of substantial factor (~74% in 2023) in initial access, lateral movement, data exfiltration, and persistence within organization’s networks. These will never go away, and neither will associated layer 2 threats, which is why we need to actively watch for them.

View More on VLAN Hopping

MPLS Label Spoofing

MPLS label spoofing can be exploited for both lateral movement (pivoting within a network) and segmentation breaking, bypassing network isolation, posing significant risks to networks, especially those that are geographically separated.

View Security Implications and Mitigation Strategies in MPLS Networks Research

View Security Challenges and Solutions in MPLS L2VPN Pseudowire Deployments Research

PCspooF Exploits Weaknesses

PCspooF exploits weaknesses in a subset of ethernet networks, called Time-Triggered Ethernet (TTE), which rely heavily on precise signal timing and are found in critical sectors such as aerospace, oil & gas, transportation, and power. Electromagnetic interference is one option. Injection of crafted malicious frames is the doomsday scenario…

View Article

Security & Compliance

In late 2024, advanced threat actor SALT TYPHOON silently infiltrated over 80 telecommunications networks worldwide. They then leveraged trusted provider-to-provider and provider-to-client connections to breach more than 600 organizations globally. In many cases, this access went undetected for years. And the reality is…

SALT TYPHOON is likely still active in most of these networks today.

A Full-Stack Visibility solution powered by L1FEguard detects unauthorized management channel access and covert C2 pipes through optical protocol monitoring, exposing attacks invisible to all defenses.

Previous Next

Data Interception Breach

From a Deloitte report in 2017: In 2000, several main trunk lines of Deutsche Telekom at Frankfurt Airport were reportedly breached, allowing data interception. Dutch and German police were victim to espionage via fiber tapping along with pharmaceutical companies in England and France. In all reality, there have been many more victims, but it’s hard to know when no one is looking…and those that find things often don’t disclose what they don’t have to.

View Deloitte Report

Fiber Eavesdropping

The Wolf Report – March 2003 “Security forces in the US discovered an illegally installed fiber eavesdropping device in Verizon’s optical network. It was placed at a mutual fund company…shortly before the release of their quarterly numbers. Information that could have been worth millions.

View Wolf Report

Optical Transport Protocol Vulnerabilities

Optical transport protocols, like all protocols, are not perfect. OTN, SDH, and SONET contain a variety of vulnerabilities that we’ve highlighted in a recent newsletter, which can be found here:

Link to newsletter1 that I haven’t written yet.

Optical Tapping

Reported in the Wall Street Journal (March 2008), roughly 4.2 million credit card details from Hannaford, a supermarket business, were stolen via optical tapping methods.

View Senetas Report

Ethernet Exploit

Ethernet is often thought of as a layer 2 protocol as its layer 1 component (Physical Coding Sublayer – PCS) is easy to forget…and absolutely is by every other security appliance out there. However, creative hackers find ways to exploit obscurities that others ignore. In fact, this is where they thrive…

Link to newsletter2 that I haven’t written yet.

Fiber Path Tapping

TorGuard put a great write-up together that speaks to the ease of tapping your fiber paths, along with referencing some of the disclosed real-world instances in which this has happened to victims.

View TorGuard Article

Black Hat Hacker Kevin Mitnick

World renowned black hat hacker, Kevin Mitnick, demonstrates how easy it is to tap into your fiber comms…in under 5 minutes…over a decade ago (2015)!!!!

Watch Kevin Mitnick’s Video

BONUS: Stay tuned for our Layer 1 protocol vulnerabilities demo at Black Hat 2026 that will give you nightmares.

Resilience & Reliability

In September 2025, Dallas/Fort Worth International Airport, one of the world’s busiest hubs, experienced sudden, severe communication degradation. Check-in systems ground to a halt, baggage handling collapsed, and air traffic control was forced to revert to manual backup procedures, bringing regional air traffic to a near standstill…

Millions of passengers impacted. Millions of dollars lost per hour. Lives put at risk.

Darktrace 2024 Threat Report – Edge Device Vulnerabilities Major Percentage of Initial Access

While application performance monitoring, security systems, and power infrastructure checks all show green, L1FEguard’s Layer 1 optical protocol insight detects a physical link failure within the regional network.

Previous Next

Backdoor Attack: J-Magic

Backdoors are scary to think about, but they’re even scarier when they’re real…and being observed in the wild. Here’s a recent example of Juniper routers becoming victim to a backdoor called “J-Magic” which analysts believe had been active for at least two years prior to discovery. Ouch!

View Article

Vulnerability in GlobalProtect

Edge firewalls are attacked ALL THE TIME either through novel techniques like the one mentioned in this link (zero-days), or known exploits that have already been disclosed and even fixed. It turns out, when vendors inform the public that their systems have known vulnerabilities, they’re also informing the bad guys…This information can be used to hit your system before your team has time to patch it, and then persist within your network even afterwards by the time you do.

View Security Advisory

2025 Data Breach Investigation Report

The percentage of edge devices and VPNs as a target on our exploitation of vulnerabilities action was 22%, and it grew almost eight-fold from the 3% found in last year’s report. Organizations worked very hard to patch those edge device vulnerabilities, but our analysis showed only about 54% of those were fully remediated throughout the year, and it took a median of 32 days to accomplish.

View Report

Vulnerability Exploits Triple

Targeting known vulnerabilities (CVEs and KEVs), widely available on public websites to anyone who cares to look, is not a new approach to initial access or expanding a foothold within a network that’s already been breached. And that’s unlikely to change.

View Article

Public-Facing Application Exploits

Internet-facing systems are always susceptible to attack, and once hackers have a foothold into these systems, it’s just a short hop to your internal network.

View Article

Full-Stack Network Visibility – Remove the Blindfold

Performance & Optimization

Ethernet Attack Method - EtherOops

5 Zero Day Vulnerabilities

VLAN Hopping

MPLS Label Spoofing

PCspooF Exploits Weaknesses

Security & Compliance

Data Interception Breach

Fiber Eavesdropping

Optical Transport Protocol Vulnerabilities

Optical Tapping

Ethernet Exploit

Fiber Path Tapping

Black Hat Hacker Kevin Mitnick

BONUS: Stay tuned for our Layer 1 protocol vulnerabilities demo at Black Hat 2026 that will give you nightmares.

Resilience & Reliability

Backdoor Attack: J-Magic

Vulnerability in GlobalProtect

2025 Data Breach Investigation Report

Vulnerability Exploits Triple

Public-Facing Application Exploits

Company

Connect