top of page
perceptive_background_267k.jpg

Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

Published:

1 May 2026 at 14:26:00

Alert date:

1 May 2026 at 15:01:38

Source:

thehackernews.com

Click to open the original link from this advisory

Cloud & Virtualization, Data Breach & Exfiltration, Identity & Access

Two cybercrime groups, Cordial Spider (BlackFile, CL-CRI-1116, O-UNC-045, UNC6671) and Snarky Spider (O-UNC-025, UNC6661), are conducting rapid, high-impact attacks within SaaS environments. These groups use vishing (voice phishing) and single sign-on (SSO) abuse techniques to carry out data theft and extortion attacks while leaving minimal forensic traces. The attacks operate almost entirely within cloud-based software-as-a-service platforms, making detection and attribution challenging for security teams.

Technical details

Mitigation steps:

Affected products:

SaaS platforms

Related links:

https://thehackernews.com/2026/05/cybercrime-groups-using-vishing-and-sso.html

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page