Skip to content

DET0662 Detection of Impersonate SS7 Nodes

Item Value
ID DET0662
Version 1.0
Created 21 October 2025
Last Modified 21 October 2025

Technique Detected: T1430.002 (Impersonate SS7 Nodes)

Analytics

Android

AN1753

Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation.(Citation: CSRIC5-WG10-FinalReport) The CSRIC also suggests threat information sharing between telecommunications industry members.

Log Sources
Data Component Name Channel
Network Traffic Flow (DC0078) Network Traffic None
Mutable Elements
Field Description

iOS

AN1754

Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation.(Citation: CSRIC5-WG10-FinalReport) The CSRIC also suggests threat information sharing between telecommunications industry members.

Log Sources
Data Component Name Channel
Network Traffic Flow (DC0078) Network Traffic None
Mutable Elements
Field Description