Telcom and BPO Companies Under Attack by SIM Swapping Hackers

"The end objective of this campaign appears to be to gain access to mobile carrier networks and, as evidenced in two investigations, perform SIM swapping activity," CrowdStrike researcher Tim Parisi said in an analysis published last week.
Initial access to the target environment is said to be undertaken through a variety of methods, including social engineering via phone calls and Telegram messages that impersonate IT personnel.
Another instance involved the exploitation of a critical remote code execution bug in the ForgeRock OpenAM access management solution that came under active exploitation last year.
Many of the attacks also involved Scattered Spider gaining access to the compromised entity's multi-factor authentication console to enroll their own devices for persistent remote access through legitimate remote access tools to avoid raising red flags.
Initial access and persistence steps are followed by reconnaissance of Windows, Linux, Google Workspace, Azure Active Directory, Microsoft 365, and AWS environments, as well as lateral movement. In select cases, the attackers also downloaded additional tools to exfiltrate VPN and MFA enrollment data.
"These campaigns are extremely persistent and brazen," Parisi noted.
News URL
https://thehackernews.com/2022/12/telcom-and-bpo-companies-under-attack.html