Pink is the latest goon squad to use fake helpdesk calls to steal creds

https://image.theregister.com/5251457.jpg?imageId=5251457&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

A familiar tactic popularized by chaotic crime crew Lapsus$

A new extortion brand called Pink uses voice phishing and fake help-desk calls to gain initial access to organizations’ IT environments, steal their sensitive data, and threaten to leak it unless the victims pay a ransom demand.

Palo Alto Networks' Unit 42 first spotted the gang, which it tracks as cluster CL-CRI-1147, and its data-leak site, which went live on May 31. “Pink uses vishing and IT impersonation to phish credentials/MFA, then exfiltrates enterprise cloud storage and productivity data to extort victims,” the threat-intelligence biz said in a LinkedIn post.

If this all sounds very familiar, it should. Pink is just the latest goon squad to use these social-engineering tactics to steal employees’ credentials and bypass multi-factor authentication, using this access to burgle companies’ cloud storage and databases.

Chaotic crime crew Lapsus$, during its 2021 and 2022 extortion spree that hit ...

Copyright of this story solely belongs to theregister.com. To see the full text click HERE

Read more

https://i.guim.co.uk/img/media/11cd1419a0276e86ffc6328afef5a1ab081ad240/0_100_6000_4800/master/6000.jpg?width=300&dpr=2&s=none

A profile of Google DeepMind philosopher Iason Gabriel, whose work has tracked, and in many cases predicted, the ethical challenges posed by the success of LLMs

Sponsor Posts Fast, affordable law for startups — Soxton automates startup legal so founders can move faster and sleep better. We handle incorporation, advisor, employment and commercial contracts. Join the waitlist for early access! Stop vibe coding analytics — Equals AI turns questions about your business into auditable spreadsheet models and dashboards.