Menu
In a recent report by CrowdStrike, they reveal a callback phishing campaign where threat actors are impersonating well-known cybersecurity companies, such as CrowdStrike to gain initial access to corporate networks. The report stated that this campaign will likely lead to ransomware attacks, as previously seen with past callback phishing campaigns.
Callback phishing campaigns involve the impersonation of well-known organisations requesting the target to call a number to resolve a problem, cancel a subscription renewal, or discuss another issue. And when the target calls the numbers, the threat actors use social engineering to convince the target to install remote access software on their devices, providing initial access to corporate networks. This access is then used to compromise the entire Windows domain.
In this new callback phishing campaign, threat actors have been seen impersonating CrowdStrike where they are pretending to warn targeted recipients that malicious network intruders have compromised their workstations and that an in-depth security audit is required.
“This is the first identified callback campaign impersonating cybersecurity entities and has higher potential success given the urgent nature of cyber breaches,” – CrowdStrike.
It was noted by CrowdStrike that in March 2022, its analysts identified a similar campaign in which threat actors used AteraRMM to install Cobalt Strike and then move laterally on the victim’s network before they deployed malware.
Previous callback phishing campaigns were popular when the Conti ransomware gang used the BazarCall phishing campaigns to gain initial access to corporate networks. Sources have stated that the recent callback campaign is believed to be conducted by the Quantum ransomware gang.
NCSC Threat Reports Feed© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.
