July 19, 2026

Cybercriminals Target Organizations with Phony App to Steal Data and Demand Ransoms

cyberattack
Reading Time: 2 minutes

In a worrying trend, hackers are escalating their tactics by targeting organizations across Europe and the Americas, employing social engineering to install a modified version of a legitimate data import tool. This seemingly innocuous application opens the door for attackers to steal sensitive information, gain access to cloud services, and navigate through networks, escalating their assaults and demands for extortion.

Cybercriminals Craft Deceptive Strategies

Tracking this malicious activity is the threat group known as UNC6040, which makes use of voice phishing, or vishing, to trick unsuspecting employees into downloading the malicious app. Designed to closely imitate a familiar enterprise tool, this rogue application secures an alarming level of access to corporate environments. Once in, it enables the exfiltration of critical data and compromises system integrity with ease.

Consequences and Scope of the Attack

The Google Threat Intelligence Group has reported that approximately 20 organizations have fallen victim to these attacks, some enduring confirmed data breaches that threaten their operational security. This ongoing operation is linked to a cybercriminal ecosystem referred to as ‘The Com,’ which engages in various illegal activities, underscoring the complex and interconnected nature of modern cybersecurity threats.

The Human Element in Cybersecurity

Experts warn that the root of this threat lies not in software vulnerabilities but in the effectiveness of social engineering tactics. This serves as a crucial reminder of the importance of heightened employee awareness and the implementation of robust controls over app authorization. It turns out that even the most sophisticated cybersecurity measures can be bypassed with a simple phone call — it’s a lesson every organization should take to heart.

Questions & Answers

What tactics are hackers using in these attacks?
Hackers are using voice phishing to deceive employees into downloading a malicious version of a legitimate data import tool, allowing unauthorized access to sensitive data.

How many organizations have been affected by these cyber attacks?
Approximately 20 organizations have been affected, with some experiencing confirmed data breaches as a result.

What steps should organizations take to mitigate such attacks?
Organizations should focus on improving employee awareness regarding social engineering tactics and enforce stricter controls on app authorization to prevent unauthorized access.

Share it:
NAORA V4 970x250

Must reads:

Behind the Buzz
Retail News Asia — Your Daily Fix of What’s Happening in Asian Retail

We’re here to keep you in the loop—every single day. Whether you’re running a small local shop, scaling an online biz, or part of a global brand making moves in Asia, we’ve got something for you.

With 50+ fresh stories a week and 13.6 million readers, Retail News Asia isn’t just another news site—it’s the go-to source for all things retail across the region.
Retail Kitchen
We respect your inbox as much as we value your time. That’s why we only send carefully curated weekly updates, packed with the most relevant news, trends, and insights from the retail industry across Asia and beyond.
Copyright © 2014 -2026 |
Redwind BV