2024-01-11 02:22:42

npub1d4…7kpws on Nostr: PUBLIC SERVICE ANNOUNCEMENT: There is an increase of account takeovers due to ...

PUBLIC SERVICE ANNOUNCEMENT:

There is an increase of account takeovers due to insiders at telco firms simply giving control to people paying them/compromised support staff accounts. Do a check on systems where this single factor would permit an account compromise. And change the configuration. These are opportunistic trawling attacks. This is becoming more common as attackers replicate the success.

The attacker uses other channels (like people search websites) to enumerate and guess the phone number attached to an online account and then checks against the telco they have control over.

The insider only briefly temporarily forwards the victim number to a 3rd party then switches it back to normal once they’re in. This is how they stay quiet since most victims will not have leverage or telemetry to understand how they got hacked.

It was their cell phone provider.

Make it so account recovery systems require multiple factors and remove telephony-based recovery for VIP accounts entirely.
Go check your systems now. Go try to access all your stuff like you forgot your password.

I am very serious.
Author Public Key
npub1d432c5fu63d6x29823n45mw2ff5yyfh8u4mc03yxmgxtjrq6rfgqh7kpws
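
An added example, not part of the original post: one way to run the "forgot my password" check over an inventory of recovery settings. It marks every account that control of the phone number alone can reset, including indirectly through another account that falls first, and every VIP account that still lists a telephony factor. The account names, factor labels and inventory layout are constructed for illustration.

```python
# Factors a telco insider controls once the number is forwarded.
TELEPHONY = {"sms", "voice_call"}
PREFIX = "account:"  # assumed label: "account:X" = control of account X (e.g. reset link)

# Constructed inventory. Each path is the set of factors that together
# are enough to reset the account.
INVENTORY = {
    "social":    {"vip": False, "paths": [{"account:bank", "voice_call"}]},
    "bank":      {"vip": False, "paths": [{"account:email"}, {"password", "sms"}]},
    "email":     {"vip": False, "paths": [{"sms"}]},
    "exchange":  {"vip": True,  "paths": [{"totp", "sms"}]},
    "registrar": {"vip": True,  "paths": [{"hardware_key", "recovery_code"}]},
}

def phone_only_takeovers(inventory):
    """Accounts resettable by someone who holds only the phone number."""
    owned = set()
    changed = True
    while changed:  # repeat until no new account falls (fixed point)
        changed = False
        for name, acct in inventory.items():
            if name in owned:
                continue
            for path in acct["paths"]:
                satisfied = path and all(
                    f in TELEPHONY
                    or (f.startswith(PREFIX) and f[len(PREFIX):] in owned)
                    for f in path
                )
                if satisfied:
                    owned.add(name)
                    changed = True
                    break
    return owned

def vip_with_telephony(inventory):
    """VIP accounts whose recovery still involves any telephony factor."""
    return {
        name for name, acct in inventory.items()
        if acct["vip"] and any(TELEPHONY & set(p) for p in acct["paths"])
    }

if __name__ == "__main__":
    print("phone-only takeover:", sorted(phone_only_takeovers(INVENTORY)))
    print("VIP with telephony recovery:", sorted(vip_with_telephony(INVENTORY)))
```

Here "bank" and "social" fall only because "email" does, which is the kind of chain that walking through each recovery flow by hand is meant to surface.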