Telcom and BPO Companies Under Attack by SIM Swapping Hackers
"The end objective of this campaign appears to be to gain access to mobile carrier networks and, as evidenced in two investigations, perform SIM swapping activity," CrowdStrike researcher Tim Parisi said in an analysis published last week.
Initial access to the target environment is said to be undertaken through a variety of methods, including social engineering via phone calls and messages sent via Telegram that impersonate IT personnel.
Another instance involved the exploitation of a critical remote code execution bug in the ForgeRock OpenAM access management solution that came under active exploitation last year.
Many of the attacks also involved Scattered Spider gaining access to the compromised entity's multi-factor authentication console to enroll their own devices for persistent remote access through legitimate remote access tools to avoid raising red flags.
Initial access and persistence steps are followed by reconnaissance of Windows, Linux, Google Workspace, Azure Active Directory, Microsoft 365, and AWS environments and by lateral movement, with additional tools downloaded to exfiltrate VPN and MFA enrollment data in select cases.
"These campaigns are extremely persistent and brazen," Parisi noted.
News URL
https://thehackernews.com/2022/12/telcom-and-bpo-companies-under-attack.html