About a year ago, the U.S. security firm Palo Alto Networks began to hear from a flurry of companies that had been hacked in ways that weren't the norm for cybercriminals.
Native English-speaking hackers would call up a target company’s information technology help desk posing as an employee, and seek login details by pretending to have lost theirs. They had all the employee information needed to sound convincing. And once they got access, they’d quickly find their way into the company's most sensitive repositories to steal that data for extortion.
Ransomware attacks are not new, but this group was extraordinarily skilled at social engineering and bypassing multi-factor authentication, said Wendi Whitmore, senior vice president for Palo Alto Networks' Unit 42 threat intelligence team, which has responded to several intrusions tied to the group.