Latest goon squad to use fake helpdesk calls to steal creds
A new extortion group called Pink, tracked as cluster CL-CRI-1147, employs voice phishing and fake IT helpdesk impersonation to compromise organizations. The gang steals employee credentials, bypasses multi-factor authentication, and exfiltrates data from cloud storage platforms like SharePoint and OneDrive. Pink threatens to leak stolen information unless ransom demands are met, setting 72-hour deadlines. The group's data-leak site launched on May 31, 2026. This approach mirrors tactics popularized by Lapsus$, Scattered Spider, and ShinyHunters. Incident responders link Pink to The Com, a loosely connected network of English-speaking hackers and extortionists. Attackers use compromised victim accounts and internal Teams messages for extortion communications, reusing domains across multiple targets.
Pulse ID: 6a2201a2fe176ac0486f58e5
Pulse Link: https://otx.alienvault.com/pulse/6a2201a2fe176ac0486f58e5
Pulse Author: AlienVault
Created: 2026-06-04 22:52:18
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cloud #CyberSecurity #EDR #Extortion #ICS #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #ScatteredSpider #bot #AlienVault