Cybercrime group ‘Muddled Libra’ threatens BPO industry

NEW YORK, UNITED STATES — A cybercrime group known as Muddled Libra reportedly targets the Business Process Outsourcing (BPO) industry to steal private data.
According to cybersecurity firm Palo Alto Networks’ Unit 42, the group has launched persistent attacks on the sector using advanced social engineering techniques.
The group’s methods were identified in late 2022 when it began using the 0ktapus phishing kit, a prebuilt hosting framework with bundled templates. This tool was initially connected to smishing attacks against multiple organizations, including Twilio and Cloudflare.
Muddled Libra uses smishing and the 0ktapus phishing kit to gain initial access. The group is known for its persistence and flexibility, changing tactics rapidly when faced with obstacles. It sometimes even attacks the same victims repeatedly to update its dataset.
The distinctive features of Muddled Libra’s strategy include abusing multi-factor authentication (MFA) notification fatigue to steal credentials, tampering with endpoint security for defense evasion, and collecting employee information for smishing attacks. If unsuccessful, the group contacts the organization’s help desk, impersonating the victim, to gain control over a new MFA device.
Unit 42 emphasizes that Muddled Libra’s social engineering success is significant, with the group demonstrating a high degree of comfort engaging with the help desk and other employees over the phone.
The researchers warned that the group’s sophisticated understanding of enterprise IT makes it a serious threat to organizations, even those with robust cyber defenses.
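
Defenders can watch authentication logs for the sequence reported above: a burst of rejected MFA prompts for one account, followed by a new MFA device appearing on that account. The Python below is an added example, not code from Unit 42 or the original article; the event names, thresholds and sample events are constructed assumptions and do not follow any particular identity provider's schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, event type).
# Event type names are assumptions, not a real identity provider's schema.
EVENTS = [
    ("2023-01-10T02:00:05", "alice", "push_denied"),
    ("2023-01-10T02:00:40", "alice", "push_denied"),
    ("2023-01-10T02:01:10", "alice", "push_timeout"),
    ("2023-01-10T02:01:55", "alice", "push_denied"),
    ("2023-01-10T02:02:30", "alice", "push_denied"),
    ("2023-01-10T02:40:00", "alice", "mfa_device_enrolled"),
    ("2023-01-10T09:00:00", "bob", "push_denied"),
    ("2023-01-10T09:30:00", "bob", "push_approved"),
    ("2023-01-10T11:00:00", "carol", "mfa_device_enrolled"),
]

REJECTED = {"push_denied", "push_timeout"}  # prompts the user did not approve


def detect(events, threshold=5, window=timedelta(minutes=10),
           followup=timedelta(hours=24)):
    """Return (user, alert, timestamp) tuples in chronological order."""
    recent = defaultdict(deque)  # user -> times of recent rejected prompts
    last_burst = {}              # user -> time of the latest prompt burst
    alerts = []
    for ts, user, kind in sorted(events):
        t = datetime.fromisoformat(ts)
        if kind in REJECTED:
            q = recent[user]
            q.append(t)
            while t - q[0] > window:   # drop prompts outside the window
                q.popleft()
            if len(q) >= threshold:
                alerts.append((user, "mfa_push_burst", ts))
                last_burst[user] = t
                q.clear()              # one alert per burst, not per prompt
        elif kind == "mfa_device_enrolled":
            burst = last_burst.get(user)
            # A new factor soon after a burst warrants review of how the
            # enrollment was approved (for example, a help desk reset).
            if burst is not None and t - burst <= followup:
                alerts.append((user, "enrollment_after_push_burst", ts))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```
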