Security News > 2022 > December > Telcom and BPO Companies Under Attack by SIM Swapping Hackers
"The end objective of this campaign appears to be to gain access to mobile carrier networks and, as evidenced in two investigations, perform SIM swapping activity," CrowdStrike researcher Tim Parisi said in an analysis published last week.
Initial access to the target environment is said to be undertaken through a variety of methods ranging from social engineering using phone calls and messages sent via Telegram to impersonate IT personnel.
Another instance involved the exploitation of a critical remote code execution bug in ForgeRock OpenAM access management solution that came under active exploitation last year.
Many of the attacks also involved Scattered Spider gaining access to the compromised entity's multi-factor authentication console to enroll their own devices for persistent remote access through legitimate remote access tools to avoid raising red flags.
Initial access and persistence steps are followed by reconnaissance of Windows, Linux, Google Workspace, Azure Active Directory, Microsoft 365, and AWS environments as well as conducting lateral movement, while also downloading additional tools to exfiltrate VPN and MFA enrollment data in select cases.
"These campaigns are extremely persistent and brazen," Parisi noted.
News URL
https://thehackernews.com/2022/12/telcom-and-bpo-companies-under-attack.html
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)