Conti extortion gangs behind surge of BazarCall phishing attacks
At least three groups split from the Conti ransomware operation have adopted BazarCall phishing tactics as the primary method to gain initial access to a victim's network.
Currently, there is evidence of three groups, all part of the former Conti ransomware operation, that used BazarCall or a version of those tactics: Silent Ransom Group, Quantum, and Roy/Zeon.
AdvIntel researchers say that the initial faction running BazarCall campaigns separated from the Conti syndicate in March 2022 and formed a new collective called Silent Ransom Group, also tracked as Luna Moth.
Starting April 2022, as Conti was shutting down, the BazarCall operators formed their own extortion group called Silent Ransom Group.
The BazarCall call campaigns attributed to the Quantum group have grown more sophisticated in two months' time and have targeted high-profile companies based on exclusive email datasets they purchased.
The three groups adopting the BazarCall tactics to breach companies have shown that the extortion business, either by just stealing data or combined with network encryption, can still be profitable.