Google researchers exposed UNC3944, a ransomware group targeting US retail, airline, and insurance companies through sophisticated phone scams. The hackers call IT help desks pretending to be employees, trick staff into resetting passwords, then use stolen credentials to access virtual server systems and deploy ransomware within hours.
Unlike typical cyberattacks, they don't use malware but manipulate legitimate administrative tools, making detection extremely difficult. The group's activity declined after 2024 law enforcement actions. But other ransomware groups are now copying these tactics, making this a growing threat requiring immediate defensive action.
Source: Industrial Cyber