ZDNet reports that numerous organizations are being targeted with a new callback phishing campaign spoofing cybersecurity companies in an effort to gain network access.
Attackers have been sending phishing messages under the pretense of being from the recipients' "outsourced data security vendor" warning about possible compromise related to "abnormal activity" in an effort to trick recipients into calling a fake helpline, according to a report from CrowdStrike, which is also one of the cybersecurity firms impersonated in the campaign. Recipients are then persuaded to install remote administration tools for network access.
Threat actors behind the campaign may be looking to monetize gained network access either through selling the access to ransomware gangs or performing the attacks themselves, researchers noted.
"This is the first identified callback campaign impersonating cybersecurity entities and has higher potential success given the urgent nature of cyber breaches," said CrowdStrike, which emphasized that its customers would never be communicated through the means used by the attackers.