A trio of Conti offshoots develops call-back phishing techniques to penetrate networks
Hacker News reports that, according to a report from cybersecurity firm AdvIntel, Quantum, Silent Ransom, and Roy/Zeo, three autonomous threat groups formed by the Conti cybercrime cartel, have developed and implemented a targeted call-back phishing tactic called BazaCall as a first step toward accessing and breaching networks.
In 2020 and 2021, Ryuk ransomware operators employed this advanced social engineering tactic, also known as BazarCall. Insurers, lawyers, technology companies, and finance companies were heavily targeted by these campaigns.
According to Sygnia, a company that monitors Silent Ransom's activities, these attacks are classified as data breach ransom attacks, in which the group aims to get access to sensitive documents and information and asks for payment to keep the stolen data from being published.
BazaCall is a type of phishing attack in which a threat actor sends spam or an email to their targets, informing them of an upcoming premium subscription charge on their credit card and asking them to cancel the payment by calling the listed number. However, the number belongs to the threat group's fraud call center, which convinces the victim to give them remote desktop control in order to cancel what they claim to be a subscription.
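For mail filtering or triage, the lure described above can be matched on its three parts: a charge notice, a cancel instruction, and a phone number to call. The following is an added example, not taken from the AdvIntel or Sygnia reports; the keyword lists, the phone pattern, the function name and both sample messages are assumptions constructed for illustration.

```python
import re

# Traits from the lure described above. Keyword lists and the phone-number
# pattern are assumptions; tune them against your own mail before relying on them.
CHARGE = re.compile(r"\b(subscription|renewal|premium|charged?|invoice)\b", re.I)
CANCEL = re.compile(r"\b(cancel|refund|dispute)\b", re.I)
CALL = re.compile(r"\b(call|dial|contact us at)\b", re.I)
PHONE = re.compile(r"(?:\+?\d{1,2}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")


def score_callback_lure(body):
    """Flag a message that pairs a charge notice with a 'call to cancel' number."""
    findings = {"charge_notice": bool(CHARGE.search(body)), "callback_numbers": []}
    for m in PHONE.finditer(body):
        # Only count a number when the call and cancel wording sits close to it,
        # so a phone number in a signature block does not trigger on its own.
        window = body[max(0, m.start() - 160): m.end() + 80]
        if CALL.search(window) and CANCEL.search(window):
            findings["callback_numbers"].append(m.group().strip())
    findings["suspect"] = findings["charge_notice"] and bool(findings["callback_numbers"])
    return findings


# Constructed sample messages (555-01xx numbers are reserved for fiction).
LURE = (
    "Dear customer, your premium subscription will renew today and $399.99 "
    "will be charged to your credit card. To cancel this payment, call our "
    "billing team at +1 (555) 010-0199 within 24 hours."
)
BENIGN = (
    "Your subscription receipt is attached. Manage or cancel your plan any "
    "time from your account settings page. Support line: 555-010-0142 (Mon-Fri)."
)

if __name__ == "__main__":
    for name, text in (("lure", LURE), ("benign", BENIGN)):
        print(name, score_callback_lure(text))
```

A match is a reason to quarantine or review the message and to warn the recipient not to call the number; it does not establish that the sender is one of the groups named above.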