Monday, May 5, 2025

Conti Ransomware Operators Using ‘BazarCall’ Style Attack as an Initial Vector


In the context of phishing attacks, a BazarCall style attack is a form of targeted phishing that uses a call-back methodology in order to trick the user. 

The technique first emerged in 2020/2021 as a tool of Ryuk, which was later rebranded under the name Conti. It has proven to be an effective and adaptable tool for an entire line of criminals.

Scammers increasingly use callback phishing tactics to trick victims into giving up access to their personal information. Beyond that, callback phishing tactics have completely transformed the current threat landscape.

According to the report, three autonomous threat groups have so far devised their own targeted phishing tactics:

  • Silent Ransom
  • Quantum
  • Roy/Zeon

Technical Analysis

Essentially, since the operation's resurgence and the post-Conti era, call-back phishing has revolutionized the way ransomware targets its victims.

The use of callback phishing as a tactic made possible a widespread change in the approach to ransomware deployment. The uniqueness and effectiveness of the approach can be attributed to the following factors:

  • Before an attack campaign begins, the victim or victim industry is selected using a targeted selective approach instead of an automated botnet infection.
  • The phishing campaign is tailored to the victims/industry instead of generic Emotet spam.
  • Frameworks that weaponize and maximize risk for the targeted victim are developed instead of chaotic extortion strategies.
  • Strategies are not repeated within a campaign; the content is constantly changed so that it stays relevant to the audience.
  • The main focus is shifting from the traditional data encryption to data exfiltration.

Callback phishing is embedded in Conti’s organizational tradition and has been used as an attack vector for some time. Between December 2021 and February 2022, Conti’s operational crisis began, and during February-March 2022, it was conceptualized and implemented.

Victimology

A major shift has been observed in ransomware’s victimology as a result of callback phishing campaigns. Avaddon, a group that was active before the advent of Bazar, is a good example of the change in sectors targeted in comparison to pre-Bazar groups.

As a result of their targeted nature, these campaigns have significantly increased the number of attacks on the following sectors:

  • Finance
  • Technology
  • Legal
  • Insurance

In almost all internal manuals that were distributed between ex-Conti members, these four sectors were listed as priority industries. 

There is a likelihood that this trend will continue. It has become more evident to threat actors that weaponized social engineering tactics have considerable potential. 

The scope and complexity of these phishing operations are predicted to only grow as time goes on.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
