Seitel Systems is committed to ensuring and maintaining the security of our clients' information. With recent news of a new criminal actor (DEV-0537) targeting several organizations in the government, technology, telecom, media, retail and healthcare sectors, we wanted to share with you what we've learned about this new hacking group.
As a Microsoft Partner, we're tuned into the MSTIC (Microsoft Threat Intelligence Center), which has assessed that the objective of DEV-0537 is to “gain elevated access through stolen credentials that enable data theft and destructive attacks against targeted organizations, often resulting in extortion. Tactics and objectives indicate this is a cybercriminal actor motivated by theft and destruction.”
Microsoft released a more in-depth analysis just this past month (on March 24th), which you can read here. Our initial take and messaging to our clients and prospective clients, however, is this:
- These actors have focused on social engineering efforts to get information about an organization’s business operations – these social engineering tactics include spamming a target user with multi-factor authentication (MFA) prompts and calling the organization’s help desk to reset a target’s credentials
- They’re purchasing credentials and session tokens from criminal underground forums
- They’re paying employees at targeted organizations (or suppliers/business partners) for access to credentials and MFA approval
- They’ve successfully gained access to target organizations through recruited employees (or employees of their suppliers or business partners)
To thwart these criminal efforts, we suggest:
- Reviewing and strengthening your multi-factor authentication
- Updating your VPN authentication options
- Consider disabling 3rd party or external VPN accounts when not in use
- Reviewing and strengthening your cloud security posture
- Embedding a culture of security awareness with your team
As always, we encourage our clients to be extra-vigilant about information security by using strong passwords, multi-factor authentication and thoroughly monitoring access to digital assets when and where needed.
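One way to monitor for the MFA prompt spamming described above is to look for bursts of unapproved push prompts per user. This is an added example, not code from Seitel Systems or Microsoft; the event tuple format, the 10-minute window and the threshold of 5 are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (ISO timestamp, user, MFA push result)
EVENTS = [
    ("2022-03-28T02:10:05", "alice", "denied"),
    ("2022-03-28T02:10:40", "alice", "timeout"),
    ("2022-03-28T02:11:15", "alice", "denied"),
    ("2022-03-28T02:11:50", "alice", "timeout"),
    ("2022-03-28T02:12:30", "alice", "denied"),
    ("2022-03-28T02:13:02", "alice", "approved"),  # approval right after a burst
    ("2022-03-28T09:00:00", "bob", "denied"),      # ordinary mistap, then approval
    ("2022-03-28T09:00:30", "bob", "approved"),
    ("2022-03-28T14:00:00", "carol", "timeout"),
    ("2022-03-28T14:01:00", "carol", "timeout"),
    ("2022-03-28T14:02:00", "carol", "denied"),
    ("2022-03-28T14:03:00", "carol", "denied"),
    ("2022-03-28T14:04:00", "carol", "timeout"),   # burst with no approval
]

def find_mfa_prompt_spam(events, window=timedelta(minutes=10), threshold=5):
    """Return {user: severity} for users with >= threshold unapproved prompts
    inside the window. 'high' means an approval followed the burst, which is
    the case to investigate first; 'medium' means the user kept refusing."""
    recent = defaultdict(deque)  # user -> timestamps of recent denied/timed-out prompts
    alerts = {}
    for ts, user, result in sorted(events):  # ISO timestamps sort chronologically
        t = datetime.fromisoformat(ts)
        q = recent[user]
        while q and t - q[0] > window:       # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(t)
            if len(q) >= threshold:
                alerts.setdefault(user, "medium")
        elif result == "approved":
            if len(q) >= threshold:
                alerts[user] = "high"        # user may have given in to the prompts
            q.clear()                        # a new sign-in starts a new count
    return alerts

if __name__ == "__main__":
    for user, severity in find_mfa_prompt_spam(EVENTS).items():
        print(f"{severity.upper()}: unusual volume of MFA prompts for {user}")
```

A "high" result is a reason to contact the user through a separate channel and revoke the session until the approval is confirmed as legitimate.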
In these unprecedented times, Seitel Systems can help you win the battle against cybercriminals and other bad actors – so don’t hesitate to call us at 206-832-2820 or email us at firstname.lastname@example.org to learn more.