Google Warns of Sophisticated Phishing Attack Targeting Business Process Outsourcers
Google Warns of New Campaign Targeting BPOs to Steal Corporate Data
A financially motivated threat actor, tracked as UNC6783, is targeting business process outsourcing (BPO) organizations to steal data pertaining to high-value companies, according to Google Threat Intelligence Group (GTIG).
Social Engineering Tactics
The threat actor, potentially linked to a certain “Raccoon” persona, has been engaged in social engineering and phishing campaigns targeting dozens of high-value corporate entities across multiple industries.
According to GTIG, UNC6783’s social engineering tactics involve creating fake Zendesk support pages that impersonate the targeted organization’s domain. Using the targeted employees’ accounts, the attackers then enroll their own devices to gain persistent access to the compromised environment.
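One way a defender could surface the device-enrollment step described above is to flag any enrollment made from an IP address that the account first used less than an hour earlier. This is an added example, not code from GTIG or the original article; the event schema, field names, one-hour window and sample events are all constructed for illustration and do not match any vendor's log format.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized schema.
EVENTS = [
    # alice: enrolls a device from an IP she has used since the previous day
    {"ts": "2025-01-06T09:00:00", "user": "alice", "event": "login", "ip": "198.51.100.10"},
    {"ts": "2025-01-07T09:02:00", "user": "alice", "event": "login", "ip": "198.51.100.10"},
    {"ts": "2025-01-07T09:05:00", "user": "alice", "event": "device_enroll",
     "ip": "198.51.100.10", "device": "laptop-2"},
    # bob: login from a never-seen IP, enrollment four minutes later
    {"ts": "2025-01-05T08:30:00", "user": "bob", "event": "login", "ip": "192.0.2.20"},
    {"ts": "2025-01-07T14:00:00", "user": "bob", "event": "login", "ip": "203.0.113.77"},
    {"ts": "2025-01-07T14:04:00", "user": "bob", "event": "device_enroll",
     "ip": "203.0.113.77", "device": "phone-x"},
    # carol: enrollment from an IP with no prior login at all (e.g. replayed session)
    {"ts": "2025-01-03T10:00:00", "user": "carol", "event": "login", "ip": "192.0.2.30"},
    {"ts": "2025-01-08T11:00:00", "user": "carol", "event": "device_enroll",
     "ip": "203.0.113.99", "device": "tablet-y"},
]


def suspicious_enrollments(events, window=timedelta(hours=1)):
    """Return enrollments whose source IP is newer than `window` for that user.

    Caveat: a brand-new account's first enrollment is also flagged, so
    pair this with an onboarding allowlist or a review queue.
    """
    first_seen = {}  # (user, ip) -> datetime the pair was first observed
    alerts = []
    # Timestamps share one ISO 8601 format, so string order is time order.
    for e in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        seen = first_seen.setdefault((e["user"], e["ip"]), ts)
        if e["event"] == "device_enroll" and ts - seen < window:
            alerts.append({
                "user": e["user"],
                "ip": e["ip"],
                "device": e["device"],
                "ip_age_min": int((ts - seen).total_seconds() // 60),
            })
    return alerts


if __name__ == "__main__":
    for alert in suspicious_enrollments(EVENTS):
        print(alert)
```
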
MFA Verification Bypass
GTIG has observed UNC6783 using a phishing kit that steals clipboard contents to bypass standard multi-factor authentication (MFA) verification.
Additionally, the attackers rely on live chats to lure employees to spoofed Okta login pages.
Attack Campaign Connection
The attack campaign is believed to be connected to the recent claim by a hacker known as Mr. Raccoon, who allegedly stole a large amount of Adobe data from a BPO firm in India.
The stolen data included the personal information of 15,000 employees, millions of support tickets, and bug bounty submissions.
Investigation Ongoing
Security experts warn that the use of social engineering tactics and phishing kits to bypass MFA verification highlights the importance of implementing robust security measures to protect against these types of attacks.
Organizations should prioritize training employees on phishing awareness and invest in advanced security solutions to detect and prevent these types of threats.