#SIMswapping is still a very real thing. Now, it's being used to bypass defense and detection methods within #Azure to gain full #administrative access for #Windows #VirtualMachines. This is pretty advanced, but it's still a big danger. #UNC3944 https://www.scmagazine.com/news/cloud-security/threat-actor-bypasses-detection-protections-in-microsoft-azure-serial-console?external_id=HBwZ-n4B490LDY0Z-dKj&external_id_source=mrkto&mkt_tok=MTg4LVVOWi02NjAAAAGLzUgAlV_uPRm28W067Sf5RayoZQN17Xrk53YEG17z3Gl_7qKsu2bjdUUW2CRUpserJQgXmMB46ieb_G5KrSlLHQGWs_K0TtXaXsrlmIPgkg
#Hacking #ThreatIntelligence #InitialAccess #LateralMovement #Persistence #Cloud #CloudAttackSurface
🚨 ALERT: Financially motivated #UNC3944 cyber attackers are leveraging #Microsoft Azure Serial Console to gain full administrative access to virtual machines!
https://thehackernews.com/2023/05/threat-group-unc3944-abusing-azure.html
#informationsecurity #CyberSecurity #Microsoft #unc3944
Cryptocurrency exchange operator Coinbase have disclosed an attempted intrusion by #UNC3944/#ScatteredSpider from early February.
The attack used SMS Phishing (#Smishing) to deliver a malicious URL that pointed to a credential harvesting campaign, but thankfully, despite an employee falling for the fake login page, they hesitated when the attackers attempted to socially engineer their way past MFA protections.
UNC3944 is a highly capable actor that has only been growing in sophistication since their debut in the 0ktapus campaign of 2022, and one that every organisation should be wary of.
We've summarised the key TTP overlaps between these intrusions and provided some tips on how to enhance the resistance of your MFA solutions against social engineering and MFA fatigue attacks: https://opalsec.substack.com/p/return-of-the-0ktapus?sd=pf