Criminals Target Okta Clients in Elaborate MFA Reset Scam to Gain Administrator Privileges

The threat actors had already acquired the username and password combinations for the target accounts. Because these accounts were protected by MFA, however, the attackers had no alternative but to resort to social engineering, manipulating service desk personnel into resetting MFA on the accounts.

Had the attackers succeeded, they would have gained the ability to assign elevated privileges to other accounts, manipulate authenticators for other users, and potentially disable two-factor authentication as needed.