Cyber Security Today, Sept. 13, 2023 – Warning: This group specializes in SMS texting scams


Warning: This group specializes in SMS texting scams.

Welcome to Cyber Security Today. It’s Friday, September 15th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.



Many threat actors use email phishing messages as their attack vectors to trick employees. A group that researchers at Mandiant call UNC3944 has a different strategy. It often uses SMS text messages and phone calls as its communications vehicle. In a report Thursday the researchers said this group’s tactic is to contact corporate help desks and persuade staff that the caller is an employee having network access trouble who needs a password reset or a new multifactor authentication code. Once in an IT network they escalate their access privileges until they can launch malware, steal data or install ransomware. Some researchers call this group Oktapus, Scatter Swine or Scattered Spider. Mandiant says IT leaders have to stop using SMS text as a multifactor authentication verification option, block external access to Microsoft Azure and Microsoft 365 administration features, and require video verification of a help desk caller who wants a password reset. The user’s image should be matched to a database of employee photos. The user would also have to show a piece of ID, like a driver’s licence.

An Iran-based group is successfully compromising organizations with password spray tactics, according to Microsoft. The group has been dubbed Peach Sandstorm under Microsoft’s new naming protocol. All groups from Iran have Sandstorm in their name. Other researchers call it APT33 or Elfin. The group’s targets include companies in the defence, satellite and pharmaceutical industries. The goal is probably to steal industrial secrets. Password spraying is where threat actors try to authenticate to many accounts using a single password or a list of commonly used passwords. It differs from a brute force attack, which targets a single account. But this group also sometimes tries to exploit vulnerabilities in applications to get network access. To defend against this group Microsoft says IT departments should implement multifactor authentication. They should also consider implementing passwordless solutions for employees.
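The difference between spraying and brute force shows up clearly in sign-in logs. The following is an added example, not code from Microsoft or from this report: it labels each source by the shape of its failed logins. The events are constructed, the thresholds are assumptions, and grouping by source IP is a simplification, since a real spray may spread across many addresses.

```python
from collections import Counter, defaultdict

# Constructed sample sign-in events (source IP, account, result); not real data.
EVENTS = (
    [("203.0.113.7", f"user{i:02d}", "fail") for i in range(8)]   # one guess each
    + [("203.0.113.7", "user08", "success")]                       # weak password hit
    + [("198.51.100.9", "admin", "fail")] * 12                     # one account hammered
    + [("192.0.2.44", "alice", "fail"), ("192.0.2.44", "alice", "success")]  # typo
)

# Thresholds are assumptions for this example; tune them to your own baseline.
SPRAY_MIN_ACCOUNTS = 5     # distinct accounts failed from one source
SPRAY_MAX_PER_ACCOUNT = 2  # spraying stays under account lockout limits
BRUTE_MIN_ATTEMPTS = 10    # failures against a single account


def classify(events):
    """Label each source as 'spray', 'brute_force' or 'normal'.

    Returns {source: {"label": str, "hits": accounts that signed in}}.
    """
    fails = defaultdict(Counter)   # source -> account -> failed attempts
    hits = defaultdict(set)        # source -> accounts with a successful sign-in
    for source, account, result in events:
        if result == "fail":
            fails[source][account] += 1
        else:
            hits[source].add(account)

    report = {}
    for source in set(fails) | set(hits):
        per_account = fails[source]
        # Many accounts, each tried only once or twice: the spray pattern.
        low_and_slow = [a for a, n in per_account.items() if n <= SPRAY_MAX_PER_ACCOUNT]
        if len(low_and_slow) >= SPRAY_MIN_ACCOUNTS:
            label = "spray"
        elif per_account and max(per_account.values()) >= BRUTE_MIN_ATTEMPTS:
            label = "brute_force"
        else:
            label = "normal"
        report[source] = {"label": label, "hits": sorted(hits[source])}
    return report


if __name__ == "__main__":
    for source, result in sorted(classify(EVENTS).items()):
        print(source, result)
```

Any account listed under `hits` for a source labelled `spray` signed in successfully from that source and is the first candidate for a password reset and session review.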

Information on thousands of police officers and staff from Britain’s Greater Manchester Police has been copied from a company that makes police identity cards. It’s the second cyber attack on a U.K. police ID card maker in less than a month. The data copied in the ransomware attack would include names, photos and identity numbers. Last month a similar data theft from a police supplier happened in London.

Windows administrators who allow Kubernetes containers in their environment should be aware of new vulnerabilities. Researchers at Akamai say Kubernetes clusters below version 1.28 need to be patched to avoid being exploited by a hacker who could then do nasty things.

Finally, the SWIFT banking network, which ties together financial institutions from around the world, is holding its annual SIBOS convention in Toronto next week. I’m hosting a ransomware panel on Monday afternoon aimed at senior managers. If you’re there, say hello. I like to meet my listeners.

Later today the Week in Review will be available. Guest commentator David Shipley of Beauceron Security and I will discuss Microsoft’s explanation of how a threat actor got hold of a digital signing key that allowed it to forge email access tokens.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Sept. 13, 2023 – Warning: This group specializes in SMS texting scams first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
