
ILLINOIS, UNITED STATES – The Google Threat Intelligence Group (GTIG) has issued a warning that a financially motivated threat actor, UNC6783, will target BPO firms to steal data from their high-value clients.
GTIG suspects that UNC6783 is Raccoon, the hacker who claimed responsibility for the large-scale Adobe data theft from an Indian BPO firm.
How UNC6783 Steals Data
GTIG found that UNC6783 compromises BPOs through social engineering. GTIG principal threat analyst Austin Larsen says they have seen the attackers target the support and helpdesk staff of BPO firms directly “to gain trusted access and steal sensitive data for extortion operations.”
According to a report from SecurityWeek, UNC6783 uses live chats to lure employees to spoofed Okta login pages, a phishing kit that steals clipboard content to bypass MFA verification, and fake Zendesk support pages to pose as the BPO’s domain. Afterward, the attackers enroll their own devices to gain access to the compromised environment.
Larsen and GTIG have also observed the attackers using fake security software updates to deliver remote-access malware, followed by ransom notes sent through Proton Mail accounts.
LOGIX BPO Content Team












