[nodesocket]

This seems to indicate a level of sophistication behind traditional hacking skills. How did they get the phone number to know which carrier to contact to socially engineer?

Also, I am not sure I understand:

> we suspect weaknesses inherent to SMS-based 2FA to be the root cause of this incident

It seems that optaining employee login credentials was the root cause, and bypassing 2FA was the second hurdle but not the root cause.

[freeone3000]

You don't need to know the carrier, just the number. Talk to a carrier in the country and ask to port "your" number to a new plan. Most salespeople would have no problem ignoring security for a sale.