SLH Cybercrime Group Recruits Women for IT Help Desk Vishing Attacks with $1K Incentives
SLH Cybercrime Group Targets IT Help Desks with Vishing Attacks
The cybercrime collective Scattered LAPSUS$ Hunters (SLH) has launched a new social engineering campaign, offering financial incentives to recruit women for voice phishing (vishing) attacks targeting IT help desks. According to a threat brief by Dataminr, the group is paying between $500 and $1,000 upfront per call to execute these attacks.
Technical Details of the Campaign
SLH, a notorious cybercrime group known for high-impact attacks, is leveraging vishing—a form of phishing conducted via phone—to manipulate IT support personnel. The group’s recruitment strategy specifically targets women, likely to exploit perceived trustworthiness in voice-based interactions. While the exact tactics remain undisclosed, such attacks typically involve:
- Impersonation of employees or vendors to gain access to sensitive systems.
- Exploitation of multi-factor authentication (MFA) recovery processes.
- Use of pretexting to extract credentials or reset passwords.
The financial incentives suggest SLH is scaling its operations, indicating a shift toward outsourced social engineering for initial access.
Impact Analysis
Vishing attacks pose a significant risk to organizations, particularly those relying on help desk-assisted account recovery. Successful breaches can lead to:
- Unauthorized access to corporate networks.
- Data exfiltration or ransomware deployment.
- Compromised privileged accounts, enabling lateral movement.
Given SLH’s history of disruptive attacks, this campaign could signal a broader trend in human-operated social engineering as a preferred initial access vector.
Recommendations for Security Teams
To mitigate vishing risks, organizations should:
- Enforce strict verification protocols for help desk interactions, such as:
  - Requiring manager approval for sensitive account changes.
  - Implementing call-back verification for high-risk requests.
- Train employees to recognize social engineering tactics, including:
  - Urgency-based manipulation.
  - Unusual requests for credentials or MFA resets.
- Monitor for anomalous activity, such as:
  - Multiple failed authentication attempts followed by a help desk call.
  - Unusual account modifications post-call.
- Limit help desk privileges to reduce the blast radius of potential breaches.
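The monitoring recommendation above can be expressed as a correlation over identity and ticketing events. The following is an added example, not code from the original article or the Dataminr brief; the event type names, the time windows, the failure threshold and the sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (ISO timestamp, account, event type)
SAMPLE_EVENTS = [
    ("2025-01-06T09:00:00", "alice", "auth_fail"),
    ("2025-01-06T09:01:10", "alice", "auth_fail"),
    ("2025-01-06T09:02:30", "alice", "auth_fail"),
    ("2025-01-06T09:10:00", "alice", "helpdesk_call"),
    ("2025-01-06T09:18:00", "alice", "mfa_reset"),
    ("2025-01-06T10:00:00", "bob", "auth_fail"),
    ("2025-01-06T10:05:00", "bob", "helpdesk_call"),
    ("2025-01-06T13:00:00", "bob", "password_reset"),
    ("2025-01-06T11:00:00", "carol", "helpdesk_call"),
    ("2025-01-06T11:05:00", "carol", "password_reset"),
]

# Assumed set of "sensitive" account modifications; adjust to your environment.
SENSITIVE_CHANGES = {"mfa_reset", "password_reset", "device_enroll"}


def correlate_helpdesk_calls(events, fail_threshold=3, pre_window=timedelta(minutes=30),
                             post_window=timedelta(hours=1)):
    """Return one finding per help desk call that matches either signal."""
    parsed = sorted((datetime.fromisoformat(ts), user, kind)
                    for ts, user, kind in events)
    findings = []
    for call_time, user, kind in parsed:
        if kind != "helpdesk_call":
            continue
        same_user = [(t, k) for t, u, k in parsed if u == user]
        # Signal 1: failed logins for this account shortly before the call.
        fails = sum(1 for t, k in same_user
                    if k == "auth_fail" and call_time - pre_window <= t < call_time)
        # Signal 2: sensitive account changes shortly after the call.
        changes = [k for t, k in same_user
                   if k in SENSITIVE_CHANGES and call_time < t <= call_time + post_window]
        reasons = []
        if fails >= fail_threshold:
            reasons.append("failed_auth_burst_before_call")
        if changes:
            reasons.append("sensitive_change_after_call")
        if reasons:
            findings.append({"user": user, "call_time": call_time.isoformat(),
                             "failed_auths": fails, "changes": changes,
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in correlate_helpdesk_calls(SAMPLE_EVENTS):
        print(finding)
```

A finding that carries both reasons is the stronger lead; a change after a call on its own is common in legitimate support work and is better checked against the ticket and the call-back record than alerted on directly.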
Security teams should treat this campaign as a reminder to harden help desk procedures and remain vigilant against evolving social engineering threats.