>The jury were shown Telegram group chats of the gang instructing someone they'd hired to call the Nvidia staff help desk pretending to be an employee in an attempt to get log in details for the firm.
>In other hacks the gang spammed employee phones late at night with access approval requests until staff said yes.
So basically Social engineering, both the traditional phone scam method and the MFA fatigue attack, and I can almost guarantee that the vulnerable part was Microsoft Authenticator App for Azure services, another reason not to use Microsoft since they can’t even use an open MFA standards and have to use their app. If you would like to see MFA fatigue attack in action, check this video: https://youtu.be/81zbtlOMTzU
>In other hacks the gang spammed employee phones late at night with access approval requests until staff said yes.
So basically Social engineering, both the traditional phone scam method and the MFA fatigue attack, and I can almost guarantee that the vulnerable part was Microsoft Authenticator App for Azure services, another reason not to use Microsoft since they can’t even use an open MFA standards and have to use their app. If you would like to see MFA fatigue attack in action, check this video: https://youtu.be/81zbtlOMTzU