Researchers warn that a stealthy callback phishing attack has been targeting the legal and retail sectors with the end goal of stealing data for extortion.
A new Lookout report highlights a tangle of government mobile device security challenges, including the use of outdated or unmanaged devices, and a rise in phishing attacks targeting credentials.
Researchers said a new phishing-as-a-service platform features an entirely open registration process that makes it easier for cybercriminals to leverage.
The attack was first discovered in August after victims received phishing emails containing malicious document attachments.
The group activity has overlaps with APT40, which has continued its “operational tempo” despite a previous indictment by the U.S. Department of Justice in 2021.