Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
Summary
Threat actors are impersonating IT support staff to deploy the Havoc command-and-control (C2) framework. The campaign combines email spam with follow-up phone calls to trick victims into downloading malicious payloads; a successful deployment can lead to data exfiltration or ransomware attacks.
IFF Assessment
FOE
The use of social engineering tactics like fake IT support to deploy sophisticated C2 frameworks poses a direct threat to organizations.
Defender Context
Defenders should be alert to unsolicited IT support communications and treat user reports of suspicious calls as potential early warnings. Training users to identify and report phishing attempts and social engineering tactics is crucial, as is monitoring for the initial stages of C2 communication that could indicate a Havoc framework deployment.