Dossier
CL-CRI-1116
Coverage of CL-CRI-1116 in the Nexus archive.
Cordial Spiderorganization2BlackFileorganization2UNC6671organization2Snarky Spiderorganization1vishingtopic1SSO abusetopic1SaaS extortion attackstopic1The Comorganization1Unit 42organization1Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC)organization1Palo Alto Networksorganization1
- Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
Cybersecurity researchers have identified two cybercrime groups, Cordial Spider and Snarky Spider, using vishing and SSO abuse to conduct rapid, high-impact SaaS extortion attacks. These groups operate within SaaS environments, stealing data quickly while leaving minimal traces.
- BlackFile actively extorting data-theft victims in retail and hospitality sector
BlackFile, a cyber extortion group linked to The Com, is targeting retail and hospitality organizations via voice-phishing and social engineering to steal data and demand ransoms. The group, tracked under aliases like CL-CRI-1116 and Cordial Spider, uses SaaS environments and data-leak sites to pressure victims, with attacks ongoing since February 2025.