Pink is the latest goon squad to use fake helpdesk calls to steal creds

Pink is an extortion group using vishing and fake help-desk calls to phish credentials and bypass MFA, then exfiltrate sensitive cloud-stored data (SharePoint, OneDrive) to extort organizations; Unit 42 and Google Threat Intelligence link the operation to previous brands/actors (e.g., BlackFile/UNC6671, The Com) and published IoCs including phishing domains (passkeyadd.com, passkeydeploy.com, deploypasskey.com), three IP addresses, and observed user-agent strings to aid defenders.