“This technique typically begins with the attacker identifying a key user within an organization’s IT team. The attacker then calls the helpdesk, posing as the employee to request a new password and MFA deactivation for their account. Once successful, they can implement measures to ensure their own persistence and execute more damaging campaigns that have included data theft, ransomware, extortion, and other criminal activities,” Security Boulevard reports.
“Fortunately, threat actors tend to follow a predictable pattern when leveraging this attack technique,” according to the article, which explains how to detect the outcome of such attacks in logs and how to prevent and mitigate them.
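One way to look for the outcome described above in logs, as an added example that is not taken from the Security Boulevard article: it flags any account that receives both a password reset and an MFA deactivation from someone other than the account owner within a short window. The event schema, field names, account names, 30-minute window and `privileged` set are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized schema (not a vendor log format).
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "actor": "helpdesk1", "target": "alice.admin", "action": "password_reset"},
    {"ts": "2024-05-01T09:04:00", "actor": "helpdesk1", "target": "alice.admin", "action": "mfa_disabled"},
    # Self-service reset: actor and target are the same account, so it is ignored.
    {"ts": "2024-05-01T10:00:00", "actor": "bob", "target": "bob", "action": "password_reset"},
    # Same pair of actions, but more than a day apart: outside the correlation window.
    {"ts": "2024-05-01T11:00:00", "actor": "helpdesk2", "target": "carol", "action": "password_reset"},
    {"ts": "2024-05-02T15:00:00", "actor": "helpdesk2", "target": "carol", "action": "mfa_disabled"},
    # Reverse order and two different agents still match.
    {"ts": "2024-05-03T08:00:00", "actor": "helpdesk3", "target": "dave.it", "action": "mfa_disabled"},
    {"ts": "2024-05-03T08:10:00", "actor": "helpdesk1", "target": "dave.it", "action": "password_reset"},
]

PAIR = {"password_reset": "mfa_disabled", "mfa_disabled": "password_reset"}


def find_reset_plus_mfa_removal(events, window=timedelta(minutes=30), privileged=frozenset()):
    """Alert when one account gets both a password reset and an MFA deactivation,
    each performed by someone other than the account owner, within `window`."""
    last_seen = {}  # (target, action) -> (timestamp, actor) of the most recent event
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        action, target = ev["action"], ev["target"]
        if action not in PAIR or ev["actor"] == target:
            continue
        ts = datetime.fromisoformat(ev["ts"])
        prev = last_seen.get((target, PAIR[action]))
        if prev and ts - prev[0] <= window:
            alerts.append({
                "target": target,
                "actors": sorted({prev[1], ev["actor"]}),
                "first": prev[0].isoformat(),
                "second": ts.isoformat(),
                # Accounts listed in `privileged` (e.g. IT staff) are escalated.
                "severity": "high" if target in privileged else "medium",
            })
        last_seen[(target, action)] = (ts, ev["actor"])
    return alerts


if __name__ == "__main__":
    for alert in find_reset_plus_mfa_removal(EVENTS, privileged={"alice.admin", "dave.it"}):
        print(alert)
```

Legitimate helpdesk work also produces this pair of events, so an alert is a prompt to confirm the request with the account owner through a separate channel.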