Home / Companies / Crowdstrike / Blog / Post Details
Content Deep Dive

Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies

Blog post from Crowdstrike

Post Details
Company
Date Published
Author
CrowdStrike Services
Word Count
4,076
Company Posts That Month
Language
English
Hacker News Points
-
Post removed?
No
Summary

CrowdStrike has been actively investigating a persistent intrusion campaign targeting telecommunications and business process outsourcing (BPO) companies, with a focus on gaining unauthorized access to mobile carrier networks and performing SIM swapping activities. The attacks typically begin with social engineering tactics, such as impersonating IT personnel through phone calls and messages to direct victims to credential-harvesting sites or to install remote monitoring and management (RMM) tools. This campaign, attributed with low confidence to the SCATTERED SPIDER eCrime adversary, showcases the adversary's persistence and adaptability, as they often implement additional persistence mechanisms like VPN access and multiple RMM tools if initial mitigation measures are slow. CrowdStrike emphasizes the importance of secure identity-based security measures, such as multifactor authentication (MFA) and robust authentication restrictions, to effectively combat these threats. The report highlights the use of various RMM tools by the adversary to maintain access, and the importance of swift containment and mitigation actions to disrupt their activities.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
AI Agents 2 2,394 1,321 1 -
Real-time 1 1,659 640 46 +203%
Zero Trust 1 1,843 1,331 3 +61333%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.