Connect with us

Hi, what are you looking for?



CISA, FBI Alert Warns of Vishing Campaign

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an alert to warn of a voice phishing (vishing) campaign targeting the employees of multiple organizations.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an alert to warn of a voice phishing (vishing) campaign targeting the employees of multiple organizations.

As part of the attacks, which started in mid-July, adversaries were attempting to gain access to employee tools via phishing phone calls. Once they were in the possession of credentials, the attackers would access the databases of victim companies to harvest information on their customers and conduct further attacks.

“The monetizing method varied depending on the company but was highly aggressive with a tight timeline between the initial breach and the disruptive cash-out scheme,” the two agencies reveal.

In preparation of the attacks, the adversaries registered bogus domains and created fake pages mimicking the internal login pages for virtual private networks (VPNs) at the targeted companies. These pages were also meant to bypass multi-factor authentication methods by capturing two-factor authentication (2FA) codes or one-time passwords (OTP).

To ensure they were successful, the attackers used Secure Sockets Layer (SSL) certificates for the bogus domains, along with various domain naming schemes, to trick victims into believing they were accessing support, ticket, or employee websites within their organizations.

According to the two agencies, the attackers used social media, recruiter and marketing tools, open-source research, and publicly available background check services to harvest information on employees at the targeted organizations, including their names, addresses, and phone numbers, along with information on their position and duration at the company.

Using unattributed Voice over Internet Protocol (VoIP) numbers and spoofing the phone numbers of offices and employees within the victim company, the attackers then started calling the employees, attempting to trick them into revealing their VPN login information by accessing a new VPN link.

Advertisement. Scroll to continue reading.

“The actors used social engineering techniques and, in some cases, posed as members of the victim company’s IT help desk, using their knowledge of the employee’s personally identifiable information—including name, position, duration at company, and home address—to gain the trust of the targeted employee,” the alert reads.

Once the employees revealed their login information, the adversaries used it in real-time to access corporate tools. In some cases, the employees approved the 2FA or OTP prompts, while in others SIM-swap attacks were used to bypass the additional authentication factor.

Leveraging the fraudulently obtained access, the attackers gathered additional information on victims, or attempted to steal funds using various methods.

The campaign was successful mainly because of the mass shift toward working from home during the COVID-19 pandemic, which led to an increase in the use of corporate VPN. Similar campaigns observed prior to the pandemic exclusively targeted telecommunications and Internet service providers.

To stay protected, organizations are advised to restrict VPN connections to managed devices only, restrict VPN access hours, monitor applications for unauthorized access, use domain monitoring to identify phishing domains, improve 2FA and OTP messaging, and educate employees on vishing and other phishing techniques.

Related: NSA and CISA Alert Highlights Urgency for OT Security

Related: NATO Condemns Cyberattacks Against COVID-19 Responders

Related: BEC Losses Surpassed $1.7 Billion in 2019: FBI

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...