INFO:

The adversary reemerged with more aggressive identity-based tradecraft – leveraging vishing and help desk impersonation to reset credentials, bypass MFA, and move laterally across SaaS and cloud environments.