
"SLH is diversifying its social engineering pool by specifically recruiting women to conduct vishing attacks, likely to increase the success rate of help desk impersonation. The group is said to be offering anywhere between $500 and $1,000 upfront per call, in addition to providing them with the necessary pre-written scripts to carry out the attack."
"The group's modus operandi also involves targeting help desks and call centers to breach companies by posing as employees and convincing them to reset a password or install a remote monitoring and management (RMM) tool that grants them remote access. Once initial access is obtained, Scattered Spider has been observed moving laterally to virtualized environments, escalating privileges, and exfiltrating sensitive corporate data."
"A high-profile cybercrime supergroup comprising LAPSUS$, Scattered Spider, and ShinyHunters, SLH has a record of engaging in advanced social engineering attacks to sidestep multi-factor authentication (MFA) through techniques like MFA prompt bombing and SIM swapping."
Scattered LAPSUS$ Hunters (SLH), a cybercrime supergroup combining LAPSUS$, Scattered Spider, and ShinyHunters, is recruiting women specifically for vishing attacks targeting IT help desks. The group offers financial incentives between $500 and $1,000 per call, along with prepared scripts. This recruitment strategy aims to increase success rates of help desk impersonation through social engineering. SLH specializes in bypassing multi-factor authentication using techniques like MFA prompt bombing and SIM swapping. Their attacks involve posing as employees to obtain password resets or install remote monitoring tools for system access. Once inside networks, they move laterally, escalate privileges, and exfiltrate data, sometimes deploying ransomware. The group uses legitimate services and residential proxies to evade detection.
#cybercrime #social-engineering #voice-phishing #multi-factor-authentication-bypass #scattered-spider
Read at The Hacker News