A SIM-swapping attack was behind the SEC’s fake Bitcoin post

The Securities and Exchange Commission has linked a SIM-swapping attack to the breach of its X account earlier this month, which led to a fake post announcing approval of Bitcoin ETFs that caused the cryptocurrency’s price to spike. In an update on Monday, the SEC says an “unauthorized party obtained control of the SEC phone number associated with the account in an apparent ‘SIM swap’ attack.”

A SIM-swapping attack occurs when a bad actor takes over a victim’s phone number through tactics like social engineering. That lets the attacker intercept calls and texts meant for the victim, including two-factor authentication codes, which they can then use to sign in to the victim’s accounts.

In the SEC’s case, a bad actor reset the password for its X account after gaining control of the phone number linked to it. While the SEC says multifactor authentication (MFA) was previously enabled on the agency’s X account, it was “disabled by X Support, at the staff’s request, in July 2023 due to issues accessing the account.” The SEC only reenabled MFA after it discovered its account was compromised on January 9th, and says it has MFA active on all of its other social media accounts that offer the option.

The SEC says law enforcement is still investigating how the attacker learned which phone number it was using for its X account, and how they got the mobile carrier to swap SIMs.
