In the News

Conti Cybercrime Cartel Using ‘BazarCall’ Phishing Attacks as Initial Attack Vector

Aug 11, 2022 The Hacker News

A trio of offshoots from the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks.

“Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology,” cybersecurity firm AdvIntel said in a Wednesday report.

These targeted campaigns “substantially increased” attacks against entities in the finance, technology, legal, and insurance sectors, the company added.

The actors in question include Silent Ransom, Quantum, and Roy/Zeon, all of which split from Conti after the ransomware-as-a-service (RaaS) cartel orchestrated its shutdown in May 2022 following its public support for Russia in the ongoing Russo-Ukrainian conflict.

The advanced social engineering tactic, also called BazaCall (aka BazarCall), came under the spotlight in 2020/2021 when it was put to use by operators of the Ryuk ransomware, which later rebranded to Conti.

It’s said to have received substantial operational improvements in May, around the same time the Conti team was busy coordinating an organization-wide restructuring while simulating the movements of an active group…