Sneaky hackers reverse defense mitigations when detected
A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected.
The attacks have been attributed with low confidence to hackers tracked as 'Scattered Spider,' who demonstrate persistence in maintaining access, reversing mitigations, evading detection, and pivoting to other valid targets if thwarted.
Once the hackers gain access to a system, they attempt to add their own devices to the list of trusted MFA devices using the compromised user account.
In intrusions observed by CrowdStrike, the adversaries were relentless in their attempts to maintain access to a breached network, even after being detected.
"In multiple investigations, CrowdStrike observed the adversary become even more active, setting up additional persistence mechanisms, i.e. VPN access and/or multiple RMM tools, if mitigation measures are slowly implemented," warned CrowdStrike.