Fake IT support voice calls lead to cyber extortion and stolen company data – TechRadar


Published on: 2025-06-05

Intelligence Report: Fake IT Support Voice Calls Lead to Cyber Extortion and Stolen Company Data – TechRadar

1. BLUF (Bottom Line Up Front)

Recent cyber extortion incidents involve threat actors impersonating IT support to trick employees into downloading malware, leading to data theft and extortion. The ongoing campaign, primarily targeting organizations in the business, hospitality, retail, and education sectors, exploits vulnerabilities in Salesforce applications. Immediate action is recommended to enhance employee awareness and strengthen cybersecurity measures.

2. Detailed Analysis

The following structured analytic techniques have been applied to ensure methodological consistency:

Adversarial Threat Simulation

Simulated actions of cyber adversaries reveal vulnerabilities in employee training and software security, emphasizing the need for robust defense mechanisms.

Indicators Development

Key indicators include unusual download patterns and unauthorized data access attempts, crucial for early detection of similar threats.

Bayesian Scenario Modeling

Probabilistic models suggest a high likelihood of continued attacks, with potential escalation in sophistication and target diversity.

3. Implications and Strategic Risks

The campaign underscores systemic vulnerabilities in employee cybersecurity training and software application security. Potential cascading effects include financial losses, reputational damage, and compromised customer data integrity, posing significant risks to organizational stability.

4. Recommendations and Outlook

  • Enhance employee training on phishing and voice phishing (vishing) threats to reduce susceptibility to social engineering attacks.
  • Implement multi-factor authentication and regular software updates to mitigate unauthorized access risks.
  • Best Case: Organizations promptly address vulnerabilities, reducing attack success rates.
  • Worst Case: Failure to act leads to widespread data breaches and financial extortion.
  • Most Likely: Continued attacks with varying success rates, prompting gradual improvements in cybersecurity defenses.

5. Key Individuals and Entities

The report references the Google Threat Intelligence Group (GTIG) and the cybercriminal group known as ShinyHunters.

6. Thematic Tags

cybersecurity, cyber extortion, data theft, phishing, vishing, Salesforce, employee training, threat intelligence

Fake IT support voice calls lead to cyber extortion and stolen company data - TechRadar - Image 1

Fake IT support voice calls lead to cyber extortion and stolen company data - TechRadar - Image 2

Fake IT support voice calls lead to cyber extortion and stolen company data - TechRadar - Image 3

Fake IT support voice calls lead to cyber extortion and stolen company data - TechRadar - Image 4