CrowdStrike has been actively investigating a persistent intrusion campaign targeting telecommunications and business process outsourcing (BPO) companies, with a focus on gaining unauthorized access to mobile carrier networks and performing SIM swapping. The attacks typically begin with social engineering, such as impersonating IT personnel through phone calls and messages to direct victims to credential-harvesting sites or to have them install remote monitoring and management (RMM) tools. The campaign, attributed with low confidence to the SCATTERED SPIDER eCrime adversary, showcases the adversary's persistence and adaptability: when initial mitigation measures are slow, they often implement additional persistence mechanisms such as VPN access and multiple RMM tools. CrowdStrike emphasizes the importance of identity-based security measures, such as multifactor authentication (MFA) and robust authentication restrictions, to effectively combat these threats. The report highlights the adversary's use of various RMM tools to maintain access, and the importance of swift containment and mitigation actions to disrupt their activities.