Scworld
BlackFile Group Launches Vishing and Data Extortion Campaign Against Retail and Hospitality
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Since February 2026, the BlackFile Group has targeted retail and hospitality sectors, employing vishing attacks to steal employee credentials. Palo Alto Networks' Unit 42 reported that the group uses spoofed VoIP numbers to impersonate IT helpdesk staff, luring victims to phishing pages designed to capture login credentials and one-time passcodes. Once access is gained, attackers register new devices to bypass multi-factor authentication and escalate privileges to executive accounts. They exfiltrate sensitive data from Salesforce and SharePoint, focusing on files marked 'confidential' and containing Social Security Numbers (SSNs). The group demands seven-figure ransoms, sometimes resorting to swatting tactics to pressure victims. Organizations are advised to enhance security policies and conduct regular training to mitigate risks. The attacks have raised significant concerns about data security in these sectors.
Key Points: • BlackFile Group targets retail and hospitality sectors using vishing attacks. • Attackers impersonate IT staff to steal credentials and bypass multi-factor authentication. • Victims face seven-figure ransom demands and potential swatting incidents.