In an effort led by The Red Guild and Opsek (Pablo Sabbatella), the Security Alliance (SEAL) has released a public security advisory on a recent compromise within some SMS gateway providers.
One Time Pwnage: SEAL Releases Advisory On SLOVENLY COMET
A new threat actor is exploiting privileged access in the SMS supply chain to intercept OTP codes and other messages.
From the advisory:
Attackers successfully intercepted SMS-based MFA messages from numerous prominent services including Google, Microsoft, Apple, Telegram, Facebook, Mercadolibre, Amazon, Binance, Betfun, Instagram, TikTok, Temu, and Signal, as well as regional services such as Mercado Pago, Mi Argentina (Argentina), Banco Formosa (Uruguay), TRANSVIP (Chile). Based on internal investigations, publicly available information, and leaked data, we believe at least 50 services were affected.
We traced this specific attack pattern back to at least February 7th of this year and have designated the threat actor behind this attack as SLOVENLY COMET. We encourage anyone with information about SLOVENLY COMET to reach out at [email protected].
Find more details about the investigation, current status and recommendations in the advisory article.
One Time Pwnage: SEAL Releases Advisory On SLOVENLY COMET
A new threat actor is exploiting privileged access in the SMS supply chain to intercept OTP codes and other messages.
In the following weeks we'll keep the community posted as the investigation further develops and mitigations are put in place.