Bill Toulas reports:
A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected.
The campaign was spotted by Crowdstrike, who says the attacks started in June 2022 and are still ongoing, with the security researchers able to identify five distinct intrusions.
The attacks have been attributed with low confidence to hackers tracked as ‘Scattered Spider,’ who demonstrate persistence in maintaining access, reversing mitigations, evading detection, and pivoting to other valid targets if thwarted.
Read more at BleepingComputer.