
Threat actors impersonate cybersecurity firms in callback phishing campaigns

A recent CrowdStrike report describes a callback phishing campaign in which threat actors impersonate well-known cybersecurity companies, such as CrowdStrike, to gain initial access to corporate networks. The report states that this campaign will likely lead to ransomware attacks, as seen with past callback phishing campaigns.

Callback phishing campaigns impersonate well-known organisations and ask the target to call a number to resolve a problem, cancel a subscription renewal, or discuss another issue. When the target calls the number, the threat actors use social engineering to convince the target to install remote access software on their device, providing initial access to the corporate network. This access is then used to compromise the entire Windows domain.

In this new callback phishing campaign, threat actors have been seen impersonating CrowdStrike, pretending to warn targeted recipients that malicious network intruders have compromised their workstations and that an in-depth security audit is required.

“This is the first identified callback campaign impersonating cybersecurity entities and has higher potential success given the urgent nature of cyber breaches,” – CrowdStrike.

CrowdStrike noted that in March 2022 its analysts identified a similar campaign in which threat actors used AteraRMM to install Cobalt Strike and then moved laterally on the victim’s network before deploying malware.

Callback phishing campaigns were previously popular when the Conti ransomware gang used BazarCall phishing campaigns to gain initial access to corporate networks. Sources have stated that the recent callback campaign is believed to be conducted by the Quantum ransomware gang.
