Three Conti offshoots develop own call back phishing tactics to breach networks

The Hacker News reports that Quantum, Silent Ransom, and Roy/Zeo, three autonomous threat groups that split from the Conti cybercrime cartel, have created and adopted their own targeted call back phishing tactic called BazaCall as initial vector to access and breach targeted network, according to a report from cybersecurity firm Advintel. Also called BazarCall, this advanced social engineering tactic gained spotlight in 2020 and 2021 when it was used by Ryuk ransomware operators. These campaigns signicantly increased attacks against companies in insurance, legal, technology and finance industries. "These attacks can be categorized as data breach ransom attacks, in which the main focus of the group is to gain access to sensitive documents and information, and demand payment to withhold publication of the stolen data," according to Sygnia, which monitors the activities of Silent Ransom. In this phishing attack, the threat actor sends spam or email to their targets to inform them of an upcoming premium subscription charge on their credit card, and they are asked to call the listed phone number to cancel the payment, but the number belongs to the threat group's fraudulent call center, which convices the victim to give them remote desktop control to cancel the supposed subscription.