
"We are aware of several dozen high-value corporate entities targeted across multiple sectors. UNC6783 primarily compromises call centers and business process outsourcers (BPOs) that work with larger companies."
"The campaign relies on social engineering via live chat to direct employees to malicious, spoofed Okta login pages. These domains frequently masquerade as the targeted organization using a domain pattern such as <org>[.]zendesk-support<##>[.]com."
"The attackers use a phishing kit to bypass multi-factor authentication (MFA) by stealing clipboard contents, and then enrolling their own devices for persistent access to victim environments."
UNC6783, a financially motivated extortion crew, has targeted several dozen high-value corporations through phishing and social engineering. They primarily compromise call centers and business process outsourcers, gaining access to larger companies' networks. The crew uses tactics such as spoofed login pages and phishing kits to bypass multi-factor authentication. They also employ fake security updates to install remote access malware. After stealing data, they send ransom notes via Proton Mail accounts. The group may have connections to the 'Raccoon' persona.
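One way to hunt for the reported `<org>[.]zendesk-support<##>[.]com` pattern in web proxy logs, as an added example that is not from the article. It assumes `<##>` stands for one or more digits; the log layout (timestamp, user, URL), the function names and the `examplecorp` host are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: "<##>" in the reported pattern stands for one or more digits.
LOOKALIKE = re.compile(
    r"^(?:(?P<org>[a-z0-9-]+(?:\.[a-z0-9-]+)*)\.)?"
    r"(?P<domain>zendesk-support\d+\.com)$"
)

def refang(value):
    """Undo common defanging ([.] and hxxp) so indicators and logs compare equal."""
    return value.replace("[.]", ".").replace("hxxp", "http")

def hostname_of(value):
    """Lowercased hostname from a URL or bare host, without port or trailing dot."""
    value = refang(value.strip())
    if "://" not in value:
        value = "//" + value
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:  # malformed netloc, e.g. stray brackets
        return ""
    return host.rstrip(".").lower()

def classify(value):
    """Return (org_label, registered_domain) if the host fits the pattern, else None."""
    m = LOOKALIKE.match(hostname_of(value))
    if not m:
        return None
    return (m.group("org") or "", m.group("domain"))

def scan(log_lines):
    """Yield (user, host, org) for proxy log lines whose URL field matches."""
    for line in log_lines:
        _ts, user, url = line.split(maxsplit=2)
        hit = classify(url)
        if hit:
            yield (user, hostname_of(url), hit[0])

# Constructed sample proxy log lines; "examplecorp" is a placeholder organization.
SAMPLE_LOG = [
    "2025-01-01T10:00:00Z agent17 https://examplecorp.zendesk.com/agent/tickets/1",
    "2025-01-01T10:02:11Z agent17 https://examplecorp.zendesk-support42.com/login",
    "2025-01-01T10:05:40Z agent03 hxxps://EXAMPLECORP[.]zendesk-support07[.]com:443/",
    "2025-01-01T10:09:02Z agent03 https://zendesk-support.example.net/help",
]

if __name__ == "__main__":
    for user, host, org in scan(SAMPLE_LOG):
        print(f"ALERT user={user} host={host} impersonated_org={org}")
```

The quoted pattern is given as one example ("such as"), so a match is a lead for triage and a miss does not rule out other lookalike domains.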
Read at The Register