
Novel intrusion campaign against telecom, BPO firms detailed

Telecommunications service providers and business process outsourcing companies are being targeted in an ongoing intrusion campaign by Scattered Spider, in which the attackers reverse mitigation measures once the breach is detected, reports BleepingComputer. Since June, five different intrusions have been linked to the campaign, which seeks to compromise telecom network systems and subscriber data in an effort to perform SIM swapping attacks and other malicious operations, a report from CrowdStrike revealed.

Researchers noted that attackers have been leveraging various social engineering techniques, including phone calls and Telegram or SMS messages to employees, to facilitate initial network access. Push-notification multi-factor authentication fatigue techniques have also been leveraged in the attacks, which further involve the use of various remote monitoring and management (RMM) tools and utilities.

Threat actors behind the operation have also been persistent in maintaining network access, according to researchers. "In multiple investigations, CrowdStrike observed the adversary become even more active, setting up additional persistence mechanisms, i.e. VPN access and/or multiple RMM tools, if mitigation measures are slowly implemented. And in multiple instances, the adversary reverted some of the mitigation measures by re-enabling accounts previously disabled by the victim organization," said CrowdStrike.
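The mitigation reversal CrowdStrike describes, where accounts disabled by the victim organization are later re-enabled, can be checked for in directory audit logs. The following is an added example, not code from the article or from CrowdStrike; the event schema, account names, timestamps and responder allow-list are constructed assumptions.

```python
from datetime import datetime

# Constructed sample audit events. The schema is hypothetical, not a vendor log format.
EVENTS = [
    {"ts": "2024-01-10T09:00:00", "action": "account_disabled", "target": "jdoe", "actor": "ir-responder1"},
    {"ts": "2024-01-10T09:05:00", "action": "account_disabled", "target": "asmith", "actor": "ir-responder1"},
    {"ts": "2024-01-10T11:30:00", "action": "account_enabled", "target": "jdoe", "actor": "svc-helpdesk"},
    {"ts": "2024-01-11T10:00:00", "action": "account_enabled", "target": "asmith", "actor": "ir-responder2"},
    {"ts": "2024-01-11T12:00:00", "action": "account_enabled", "target": "bnew", "actor": "svc-helpdesk"},
]

# Assumption: identities allowed to lift containment during the incident.
RESPONDERS = {"ir-responder1", "ir-responder2"}


def find_mitigation_reversals(events, responders):
    """Flag accounts disabled by responders and re-enabled by anyone else."""
    contained = {}  # account -> time it was disabled as a containment step
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        target, actor = ev["target"], ev["actor"]
        if ev["action"] == "account_disabled" and actor in responders:
            contained[target] = ts
        elif ev["action"] == "account_enabled" and target in contained:
            if actor in responders:
                # Legitimate release: the account leaves containment.
                del contained[target]
            else:
                # Containment undone by a non-responder identity. The account
                # stays on the list so repeated reversals are also reported.
                minutes = int((ts - contained[target]).total_seconds() // 60)
                findings.append({
                    "account": target,
                    "re_enabled_by": actor,
                    "minutes_after_disable": minutes,
                })
    return findings


if __name__ == "__main__":
    for f in find_mitigation_reversals(EVENTS, RESPONDERS):
        print(f"ALERT: {f['account']} re-enabled by {f['re_enabled_by']} "
              f"{f['minutes_after_disable']} min after containment")
```

The identity that performed the re-enable is itself a lead: it is either compromised or holds more privilege than the containment plan assumed.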
