A persistent intrusion campaign has set its eyes on telecommunications and business process outsourcing (BPO) companies at least since June 2022.
“The end objective of this campaign appears to be to gain access to mobile carrier networks and, as evidenced in two investigations, perform SIM swapping activity,” CrowdStrike researcher Tim Parisi said in an analysis published last week.
The financially motivated attacks have been attributed by the cybersecurity company to an actor tracked as Scattered Spider.
Initial access to the target environment is said to be undertaken through a variety of methods, including social engineering via phone calls and messages sent over Telegram that impersonate IT personnel.
This technique is leveraged to direct victims to a credential harvesting site or trick them into installing commercial remote monitoring and management (RMM) tools like Zoho Assist and Getscreen.me.