Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
01 May 2026
Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions.
The clusters, Cordial Spider (aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC6671) and Snarky Spider (aka O-UNC-025 and UNC6661), have been attributed to high-speed data theft and