{"id":202964,"date":"2026-04-07T11:39:00","date_gmt":"2026-04-07T15:39:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/07\/threat-cluster-launches-extortion-campaign-using-social-engineering\/"},"modified":"2026-04-07T12:05:11","modified_gmt":"2026-04-07T16:05:11","slug":"threat-cluster-launches-extortion-campaign-using-social-engineering","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/07\/threat-cluster-launches-extortion-campaign-using-social-engineering\/","title":{"rendered":"Threat cluster launches extortion campaign using social engineering"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/threat-actor-social-engineering-raccoon-persona\/816804\/\">Threat cluster launches extortion campaign using social engineering<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/threat-actor-social-engineering-raccoon-persona\/816804\/\">https:\/\/www.cybersecuritydive.com\/news\/threat-actor-social-engineering-raccoon-persona\/816804\/<\/a><\/p>\n<p>Publish Date: 2026-04-07 11:39:00<\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>A social engineering campaign by a financially motivated threat cluster has been uncovered that aims to extort payments from dozens of targeted organizations, according to researchers at Google Threat Intelligence Group.<br \/>\nThe threat cluster, tracked as UNC6783, operates by compromising business process outsourcers that work with targeted organizations, Austin Larsen, principal threat analyst at GTIG, said in a LinkedIn post. 
The cluster has potential ties to an operative using the \u201cRaccoon\u201d persona.<br \/>\nIn other cases, hackers set their sights on support or help desk staff at the targeted entities in order to gain trust and steal sensitive data.<\/p>\n<p>The hackers have used a live chat to direct employees to malicious Okta login pages, according to Larsen. Phishing kits are used to bypass multifactor authentication. The hackers then use their own enrolled device to gain persistent access to a targeted environment.<br \/>\nIn some cases, fake security software has been used to trick workers into downloading remote access malware. The threat cluster has used Proton emails to send ransom notes to victims.\u00a0<br \/>\nGTIG researchers have not named any specific organizations that were impacted, but said that several dozen were targeted across multiple industry sectors.\u00a0<br \/>\nCybersecurity Dive previously learned that a persona called Mr. Raccoon had taken credit for a social engineering attack against Adobe. The hacker claimed to have exfiltrated a large number of support tickets. 
Adobe did not respond to a request for comment.\u00a0<br \/>\nSecurity teams should implement phishing resistant multifactor authentication and proactively block unauthorized domains.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threat cluster launches extortion campaign using social engineering https:\/\/www.cybersecuritydive.com\/news\/threat-actor-social-engineering-raccoon-persona\/816804\/ Publish Date: 2026-04-07 11:39:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":202965,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/WGUPY79LEktvH4NBkYMET1Bmh25ayeqkGTV8rAjjwCw\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy04MTc0ODYwMjguanBn.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,35,32,25],"class_list":["post-202964","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-hacker","tag-malware","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/202964"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=202964"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/202964\/revisions"}],"predecessor-version":[{"id":202966,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/202964\/revisions\/202966"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-
you-need.com\/index.php\/wp-json\/wp\/v2\/media\/202965"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=202964"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=202964"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=202964"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}