Cyber Resilience

Campaign · all campaigns

C0027C0027 unknown

aka C0027

Last updated: 2026-07-03

1attributed CVEs
42ATT&CK techniques
1.2IDF score (tooling uniqueness)
0exclusive CVEs
2026years active

About this actor

[C0027](https://attack.mitre.org/campaigns/C0027) was a financially-motivated campaign linked to [Scattered Spider](https://attack.mitre.org/groups/G1015) that targeted telecommunications and business process outsourcing (BPO) companies from at least June through December of 2022. During [C0027](https://attack.mitre.org/campaigns/C0027) [Scattered Spider](https://attack.mitre.org/groups/G1015) used various forms of social engineering, performed SIM swapping, and attempted to leverage access from victim environments to mobile carrier networks.(Citation: Crowdstrike TELCO BPO Campaign December 2022)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2026-20929 5.57.50.01142026-01-13see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-426 / 4262%
CM-624 / 4257%
AC-322 / 4252%
AC-220 / 4248%
AC-620 / 4248%
CM-719 / 4245%
IA-219 / 4245%
AC-418 / 4243%
AC-518 / 4243%
CM-218 / 4243%
CA-717 / 4240%
CM-517 / 4240%
SC-715 / 4236%
SI-313 / 4231%
IA-511 / 4226%

Co-occurring actors

Similar actors

Overlapping CVEs