Conti Cybercrime Cartel Using 'BazarCall' Phishing Attacks as Initial Attack Vector
Three different offshoots of the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks.
"Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology," cybersecurity firm AdvIntel said in a Wednesday report.
The phishing attack is also unique in that it forgoes malicious links or attachments in email messages in favor of phone numbers that recipients are tricked into calling by alerting them of an upcoming charge on their credit card for a premium subscription.
"Call back phishing was the tactic that enabled a widespread shift in the approach to ransomware deployment," AdvIntel said, adding that the "attack vector is intrinsically embedded into the Conti organizational tradition."
Silent Ransom, the first Conti subgroup to move away from the cybercrime gang in March 2022, has since been linked to data extortion attacks after gaining initial access through subscription expiry emails that claim to notify users of pending payment for Zoho Masterclass and Duolingo services.
The findings come as industrial cybersecurity company Dragos disclosed the number of ransomware attacks on industrial infrastructures decreased from 158 in the first quarter of 2022 to 125 in the second quarter, a drop it attributed with low confidence to Conti closing shop.
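A mail-triage heuristic for the lure described above (no links or attachments, a phone number, and a pending subscription charge), as an added example that is not from the article or from AdvIntel. The regular expressions, function names and both sample messages are constructed assumptions; the phone pattern and keyword list need tuning for a real mail flow.

```python
import re
from email import message_from_string

# All patterns are illustrative assumptions, not vendor signatures.
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
LURE_RE = re.compile(
    r"\b(subscription|renew(?:al|ed)?|charged?|invoice|trial|cancel|refund)\b", re.I)
CALL_RE = re.compile(r"\b(call|phone|dial)\b", re.I)

def callback_phish_signals(raw):
    """Return the individual signals for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    texts, attachments = [msg.get("Subject", "")], 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename() or part.get_content_disposition() == "attachment":
            attachments += 1
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            texts.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(texts)
    return {
        "no_links": not URL_RE.search(body),
        "no_attachments": attachments == 0,
        "phone_number": bool(PHONE_RE.search(body)),
        # Require two distinct billing terms to cut noise from ordinary mail.
        "billing_lure": len({m.lower() for m in LURE_RE.findall(body)}) >= 2,
        "call_to_action": bool(CALL_RE.search(body)),
    }

def is_callback_phish_candidate(raw):
    """Flag for analyst review only when every signal is present."""
    return all(callback_phish_signals(raw).values())

# Constructed samples (reserved .invalid domains, fictional 555-01xx numbers).
SAMPLE_LURE = """\
From: billing@example.invalid
Subject: Your premium subscription renewal

Your trial has ended and your card will be charged $399.99 today.
To cancel the subscription, call our support desk at +1 (555) 010-0199.
"""
SAMPLE_RECEIPT = """\
From: billing@example.invalid
Subject: Your subscription invoice

View your invoice at https://billing.example.invalid/invoices or call 555-010-0142.
"""
```

Because these messages carry no URL or file for a scanner to detonate, the useful output is the per-signal dictionary, which lets an analyst see why a message was queued for review.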
News URL
https://thehackernews.com/2022/08/conti-cybercrime-cartel-using-bazarcall.html