CrowdStrike warned about hackers impersonating prominent cybersecurity companies, including CrowdStrike itself. The researchers say they spotted a callback phishing campaign on July 8, 2022.
In this malicious campaign, victims receive emails that appear to originate from security companies and claim that malicious activity has been identified in the recipient’s network. The phishers’ goal is to trick the victim into installing a remote access trojan (RAT) that opens the door for further attacks.
“The phishing email implies the recipient’s company has been breached and insists the victim call the included phone number. This campaign leverages similar social-engineering tactics to those employed in recent callback campaigns including WIZARD SPIDER’s 2021 BazarCall campaign,” reads CrowdStrike’s report.
The researchers couldn’t identify the malware variant used in this campaign. Nevertheless, they assume that the threat actors will likely use ransomware to monetize their operation. For example, during the BazarCall campaigns in 2021, hackers deployed Conti ransomware as a final payload. Since Conti RaaS has already ceased its operations, the researchers find it difficult to say what variant is in use now.