‘Callback’ Phishing Campaign Impersonates Security Firms

2022-07-12 11:43

A new callback phishing campaign is impersonating prominent security companies to try to trick potential victims into making a phone call that will instruct them to download malware.

Researchers at CrowdStrike Intelligence discovered the campaign because CrowdStrike is actually one of the companies, among other security firms, being impersonated, they said in a recent blog post.

The campaign employs a typical phishing email aiming to fool a victim into replying with urgency-in this case, implying that the recipient's company has been breached and insisting that they call a phone number included in the message, researchers wrote.

"Historically, callback campaign operators attempt to persuade victims to install commercial RAT software to gain an initial foothold on the network," researchers wrote in the post.

That website instead led them to malicious download. CrowdStrike also identified a campaign in March of this year in which threat actors used a callback phishing campaign to install AteraRMM followed by Cobalt Strike to assist with lateral movement and deploy additional malware, CrowdStrike researchers said.

Researchers also assessed with "Moderate confidence" that callback operators in the campaign "Will likely use ransomware to monetize their operation," they said, "As 2021 BazarCall campaigns would eventually lead to Conti ransomware," they said.

News URL

https://threatpost.com/callback-phishing-security-firms/180182/

#phishing #security