
Analysis of an Intrusion Campaign Targeting Telco and BPO Companies

In this attack campaign, the adversary is persistent in trying to gain access to victim environments and, once access is gained, performs constant, typically daily, activity within the target environment. It is imperative for organizations to implement containment and mitigation actions swiftly if this adversary is in the environment. In multiple investigations, CrowdStrike observed the adversary become even more active when mitigation measures were implemented slowly, setting up additional persistence mechanisms such as VPN access and/or multiple RMM tools.
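
As an added illustration of the point above (this is not code from the report or from CrowdStrike), a small Python check over constructed service-install events that flags hosts accumulating several distinct RMM tools, and lists RMM installs that occurred after a containment start time; the RMM name patterns and the event format are assumptions.

```python
import re
from collections import defaultdict

# Assumed RMM product name patterns (hypothetical, not from the report); extend per estate.
RMM_PATTERNS = {
    "anydesk": re.compile(r"anydesk", re.I),
    "teamviewer": re.compile(r"teamviewer", re.I),
    "screenconnect": re.compile(r"screenconnect|connectwise", re.I),
    "atera": re.compile(r"atera", re.I),
}

# Constructed sample events (not real data): "<ISO timestamp> <host> ServiceInstalled <service name>"
SAMPLE_EVENTS = """\
2023-01-10T09:12:00 HOST-A ServiceInstalled AnyDesk Service
2023-01-10T09:40:00 HOST-A ServiceInstalled ScreenConnect Client (abc123)
2023-01-11T14:05:00 HOST-B ServiceInstalled TeamViewer
2023-01-12T08:00:00 HOST-A ServiceInstalled Atera Agent
2023-01-12T08:30:00 HOST-C ServiceInstalled Windows Update Medic Service
"""

def classify(service_name):
    """Return the RMM family a service name matches, or None for non-RMM services."""
    for family, pattern in RMM_PATTERNS.items():
        if pattern.search(service_name):
            return family
    return None

def parse_events(events_text):
    """Yield (timestamp, host, rmm_family) for every RMM service-install event."""
    for line in events_text.splitlines():
        parts = line.split(" ", 3)  # timestamp, host, event type, service name
        if len(parts) < 4 or parts[2] != "ServiceInstalled":
            continue
        family = classify(parts[3])
        if family:
            yield parts[0], parts[1], family

def rmm_by_host(events_text):
    """Map each host to the set of distinct RMM families installed on it."""
    found = defaultdict(set)
    for _, host, family in parse_events(events_text):
        found[host].add(family)
    return dict(found)

def flag_multiple_rmm(events_text, threshold=2):
    """Hosts carrying `threshold` or more distinct RMM tools (T1219 persistence stacking)."""
    return sorted(h for h, fams in rmm_by_host(events_text).items() if len(fams) >= threshold)

def rmm_installed_since(events_text, since_iso):
    """RMM installs at or after a containment start time (ISO timestamps compare lexically)."""
    return [e for e in parse_events(events_text) if e[0] >= since_iso]
```

Feed it service-install or software-inventory events from your EDR or SIEM; any host that gains a second RMM tool after containment starts is the behaviour the report describes.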

ATT&CK IDs: T1040 - Network Sniffing, T1036 - Masquerading, T1134 - Access Token Manipulation, T1566 - Phishing, T1090 - Proxy, T1190 - Exploit Public-Facing Application, T1219 - Remote Access Software, T1078 - Valid Accounts, T1046 - Network Service Scanning, T1593 - Search Open Websites/Domains, T1210 - Exploitation of Remote Services
