BlackFile Extortion Group Linked to Surge of Vishing Attacks

A new hacking group called BlackFile is targeting retail and hospitality sectors through vishing attacks. They've been stealing employee credentials and demanding ransoms. Organizations must enhance their security measures to combat this growing threat.

Threat Intel · HIGH

Original Reporting

BleepingComputer · Sergiu Gatlan

AI Summary

CyberPings AI · Reviewed by Rohit Rana

🎯 Basically, a new hacker group is tricking employees into giving up their passwords over the phone.

The Threat

A new financially motivated hacking group known as BlackFile has emerged, linked to a significant increase in data theft and extortion attacks. Since February 2026, this group has targeted retail and hospitality organizations, employing sophisticated tactics to impersonate IT helpdesk staff and extract sensitive employee credentials.

Who's Behind It

BlackFile, also tracked under aliases like CL-CRI-1116 and Cordial Spider, has been associated with a broader network of cybercriminals known as The Com. This loose-knit group is notorious for recruiting young individuals for various cybercrimes, including extortion and the production of child sexual exploitation material (CSAM).

Tactics & Techniques

The group's primary method involves voice phishing (vishing), where attackers call employees using spoofed numbers. They pose as IT support, directing victims to fake corporate login pages to capture their credentials and one-time passcodes. Once they have access, BlackFile registers their own devices to bypass multifactor authentication and escalate their access to sensitive executive-level accounts.

Data Exfiltration

Using stolen credentials, the attackers exploit Salesforce and SharePoint servers to extract sensitive data. They specifically search for files labeled as "confidential" or containing SSN information. The stolen data is then downloaded to servers controlled by the attackers and published on their dark web leak site before ransom demands are sent to victims.
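The sequence described under Tactics & Techniques and Data Exfiltration (a newly registered MFA device followed by searches for "confidential" or SSN content) can be hunted for in audit logs. The following is an added example, not part of the original report; the event field names, the 24-hour window and the sample events are constructed assumptions, not the schema of any particular identity provider or SaaS audit API.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (not real logs); field names are assumptions.
EVENTS = [
    {"ts": "2026-03-02T14:05:00", "user": "alice", "action": "mfa_device_registered", "detail": "new authenticator"},
    {"ts": "2026-03-02T14:20:00", "user": "alice", "action": "search", "detail": "confidential payroll"},
    {"ts": "2026-03-02T14:22:00", "user": "alice", "action": "search", "detail": "employee SSN list"},
    # Sensitive search with no recent device enrollment: not flagged.
    {"ts": "2026-03-02T09:00:00", "user": "bob", "action": "search", "detail": "confidential roadmap"},
    # Enrollment, but the search happens well outside the window: not flagged.
    {"ts": "2026-03-01T08:00:00", "user": "carol", "action": "mfa_device_registered", "detail": "new phone"},
    {"ts": "2026-03-04T10:00:00", "user": "carol", "action": "search", "detail": "ssn form"},
]

SENSITIVE_TERMS = ("confidential", "ssn")  # search terms named in the report
WINDOW = timedelta(hours=24)               # assumed correlation window


def find_suspect_sessions(events, window=WINDOW):
    """Return {user: [search strings]} for users who ran sensitive searches
    within `window` after a new MFA device was registered on their account."""
    last_enroll = {}  # user -> time of most recent MFA device registration
    hits = {}
    # ISO-8601 timestamps in one format sort correctly as strings.
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        if e["action"] == "mfa_device_registered":
            last_enroll[e["user"]] = ts
        elif e["action"] == "search":
            enrolled = last_enroll.get(e["user"])
            text = e["detail"].lower()
            if (enrolled is not None and ts - enrolled <= window
                    and any(term in text for term in SENSITIVE_TERMS)):
                hits.setdefault(e["user"], []).append(e["detail"])
    return hits


if __name__ == "__main__":
    for user, searches in find_suspect_sessions(EVENTS).items():
        print(f"REVIEW {user}: sensitive searches after MFA enrollment: {searches}")
```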

Defensive Measures

To combat the rising threat posed by BlackFile, experts recommend several proactive measures. Because BlackFile's tactics mirror those of other known groups like ShinyHunters, organizations must remain vigilant and proactive in their cybersecurity strategies to mitigate the risks associated with these evolving threats.

Do Now

  1. Strengthen call-handling policies: Ensure that employees verify the identity of callers, especially when sensitive information is involved.
  2. Implement multifactor identity verification: Enforce strict verification processes for any caller claiming to be from IT support.

🔒 Pro Insight

The emergence of BlackFile underscores the need for enhanced employee training on social engineering tactics to mitigate vishing risks.
