ONE Sentinel

Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations

Source: The Hacker News
March 3, 2026

EXECUTIVE SUMMARY

Fake IT Support Scam Deploys Havoc C2 Framework for Cyber Attacks

Summary

The article discusses a new cyber threat campaign in which attackers impersonate IT support to deploy the Havoc command-and-control (C2) framework. This tactic is used to facilitate data exfiltration or ransomware attacks.

Key Points

  • The campaign was identified by Huntress last month.
  • It targeted five partner organizations.
  • Attackers used email spam as a lure, followed by phone calls.
  • The Havoc C2 framework is used as a precursor to data theft or ransomware.

Analysis

This campaign highlights the evolving tactics of cybercriminals who are now using social engineering techniques to gain trust and deploy sophisticated frameworks like Havoc C2. The use of fake IT support calls in conjunction with email spam indicates a multi-layered approach to breaching organizational defenses.

Conclusion

IT professionals should enhance their organization's security awareness training to recognize and report suspicious communications. Implementing robust email filtering and verification processes can help mitigate such threats.