13 C
Tuesday, October 31, 2023

Cybercriminal Group Octo Tempest and Its Menacing Phishbait

Cybercrime Has Global EcosystemMicrosoft is monitoring a cybercriminal group known as “Octo Tempest” that makes use of threats of violence as a part of its social engineering and knowledge theft extortion campaigns.

“Octo Tempest is a financially motivated collective of native English-speaking risk actors identified for launching wide-ranging campaigns that prominently characteristic adversary-in-the-middle (AiTM) methods, social engineering, and SIM swapping capabilities,” the researchers write.

“Octo Tempest, which overlaps with analysis related to 0ktapus, Scattered Spider, and UNC3944, was initially seen in early 2022, concentrating on cellular telecommunications and enterprise course of outsourcing organizations to provoke cellphone quantity ports (also called SIM swaps). Octo Tempest monetized their intrusions in 2022 by promoting SIM swaps to different criminals and performing account takeovers of high-net-worth people to steal their cryptocurrency.”

The risk actor depends on social engineering to achieve preliminary entry to its victims’ environments.

“Octo Tempest generally launches social engineering assaults concentrating on technical directors, resembling help and assist desk personnel, who’ve permissions that would allow the risk actor to achieve preliminary entry to accounts,” Microsoft says. “The risk actor performs analysis on the group and identifies targets to successfully impersonate victims, mimicking idiolect on cellphone calls and understanding private identifiable data to trick technical directors into performing password resets and resetting multi-factor authentication (MFA) strategies. Octo Tempest has additionally been noticed impersonating newly employed staff in these makes an attempt to mix into regular on-hire processes.”

The group has expanded its operations and grown extra aggressive for the reason that starting of the 12 months. It additionally grew to become an affiliate of the ALPHV/BlackCat ransomware-as-a-service operation.

“In late 2022 to early 2023, Octo Tempest expanded their concentrating on to incorporate cable telecommunications, e-mail, and expertise organizations,” Microsoft says. “Throughout this era, Octo Tempest began monetizing intrusions by extorting sufferer organizations for knowledge stolen throughout their intrusion operations and in some circumstances even resorting to bodily threats.”

KnowBe4 permits your workforce to make smarter safety choices each day. Over 65,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and cut back human threat.

Microsoft has the story.

Latest news
Related news


Please enter your comment!
Please enter your name here