Nov 22, 2022 - Technology

New hacking campaign swaps malware for phone calls


Palo Alto Networks has investigated several incidents involving a data extortion gang using a growing social engineering tactic to extort retailers and other businesses out of hundreds of thousands of dollars, according to a report Monday.

Why it matters: The report highlights the range of threats retailers, other businesses and consumers are up against heading into the hectic holiday season — and the depths hackers will go to make sure they find success.

Driving the news: Researchers at Palo Alto Networks said they've uncovered an ongoing hacking campaign from a group known as both "Luna Moth" and "Silent Ransom" that ditches traditional malware attacks for phone calls.

How it works: The scam typically starts with a phishing email, sent through a legitimate service to a corporate email address, claiming the recipient's credit card was charged for a recent service. The email usually has a PDF invoice attached.

  • The invoice includes a phone number recipients can call if they have questions about the charges. Once they call, they're connected to a call center run by the malicious hackers.
  • On the call, the hacker then walks the person through downloading and running a "support tool" that gives the hacker remote access to the victim's computer.
  • Once inside, the hacker blanks out the screen so the victim can't see their actions and moves quickly to steal files and personal data from the device.
  • The hacker follows up with an extortion email, detailing the data that was stolen and demanding payment to keep the hacker from leaking the data online.
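
For defenders, the first step above can be turned into a mail-triage check. This is an added example, not code from the Palo Alto Networks report or from Axios: it flags the three traits described (a charge claim, a PDF invoice, a phone number to call). The regexes, function names and the `pdf_text` parameter (text pulled from the attachment by a separate tool) are assumptions, and the sample messages are constructed.

```python
import re
from email.message import EmailMessage

# Assumed heuristics derived from the steps described above; tune before use.
CHARGE_RE = re.compile(r"\b(charged|invoice|subscription|renewal|payment)\b", re.I)
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
CALL_RE = re.compile(r"\b(call|contact|phone)\b", re.I)


def pdf_attachments(msg):
    """Return filenames of attachments that are PDFs by type or extension."""
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() == "application/pdf" or name.lower().endswith(".pdf"):
            names.append(name)
    return names


def callback_phish_indicators(msg, pdf_text=""):
    """Return the set of callback-phishing traits present in one message.

    pdf_text is text already extracted from the attachment by a separate
    tool (assumption); the invoice is where the phone number usually sits.
    """
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "") + "\n" + pdf_text
    hits = set()
    if pdf_attachments(msg):
        hits.add("pdf_invoice")
    if CHARGE_RE.search(text):
        hits.add("charge_claim")
    if PHONE_RE.search(text) and CALL_RE.search(text):
        hits.add("call_to_action")
    return hits


def build_sample(body, attach_pdf):
    """Constructed sample message; every name and number here is made up."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "employee@example.org"
    msg["Subject"] = "Your order confirmation"
    msg.set_content(body)
    if attach_pdf:
        msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                           subtype="pdf", filename="invoice.pdf")
    return msg


SUSPECT = build_sample("Your credit card was charged for a recent service.", True)
BENIGN = build_sample("Minutes from Tuesday's meeting are below.", False)
```

A message showing all three traits is a candidate for quarantine or a user warning banner; any single trait on its own is common in legitimate billing mail.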

The intrigue: The data extortion group behind these callback phishing attacks is suspected of having ties to the defunct Conti ransomware gang, a Russian group known for its attacks on hospital systems and other critical infrastructure.

Threat level: Researchers anticipate "callback phishing attacks to increase in popularity due to the low per-target cost, low risk of detection and fast monetization," the report says.

  • The campaign is currently targeting the retail and legal sectors and is "actively evolving."
