Incident Response Actions are Systematically Reverse by Hackers to Maintain Persistence

Analysis of attacks on two cellular carriers have resulted in the identification of threat actions designed to undo mitigations taken by security teams mid-attack.