logo

New Extortion Brand Uses IT Impersonation to Breach Organizations

ID: d5357cde-ac3c-5d4a-a506-0fa8e74fc59d

STIX ID: report--d5357cde-ac3c-5d4a-a506-0fa8e74fc59d

Feed Name: KnowBe4 Blog

Threat Score
70/100

Date Published: 2026-06-23

Date Updated: 2026-06-23

Author: KnowBe4 Team

...
...

A newly surfaced extortion group dubbed "Pink" is using vishing and fake helpdesk calls to harvest credentials and bypass MFA, then quickly exfiltrating data from services such as SharePoint and OneDrive to support extortion; Unit 42 and reporting link Pink to prior groups (BlackFile, Redact) and the broader "The Com" network, with domain reuse and DDoS-Guard hosting noted.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.