1. Home
  2. Detection Strategies
  3. Detection of Impersonate SS7 Nodes

Detection of Impersonate SS7 Nodes

Technique Detected:  Impersonate SS7 Nodes | T1430.002

ID: DET0662
Domains: Mobile
Analytics: AN1753, AN1754
Version: 1.0
Created: 21 October 2025
Last Modified: 21 October 2025
Version Permalink

Analytics

AN1753

Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation.[1] The CSRIC also suggests threat information sharing between telecommunications industry members.

Log Sources
Data Component Name Channel
Network Traffic Flow (DC0078) Network Traffic None

AN1754

Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation.[1] The CSRIC also suggests threat information sharing between telecommunications industry members.

Log Sources
Data Component Name Channel
Network Traffic Flow (DC0078) Network Traffic None

References

  1. Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017.