"The actor primarily focuses on compromising Business Process Outsourcers (BPOs) that work with these targeted companies. We have also seen them target the support and helpdesk staff of these organizations directly to gain trusted access and steal sensitive data for extortion operations."
"We have also observed them using fake security software updates to trick victims into downloading remote access malware. Following data exfiltration, UNC6783 has been known to use Proton Mail accounts to deliver ransom notes for data theft extortion operations."
UNC6783, a financially motivated threat actor, is targeting business process outsourcing organizations to steal sensitive data from high-value companies. This actor employs social engineering and phishing campaigns, focusing on compromising BPOs that work with these companies. Techniques include luring employees to spoofed login pages and using phishing kits to bypass multi-factor authentication. The actor also uses fake support pages and security updates to deploy malware. After data exfiltration, ransom notes are sent via Proton Mail for extortion purposes.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]