Signal

New extortion campaign targets dozens of high-value firms via BPO and helpdesk phishing

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-04-09 17:11 UTCUpdated 2026-04-09 18:24 UTC

rss

cvesexploitsbreachesmalwarethreat_actorsadvisories

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

Actor tied to Raccoon targets 'several dozen' companies by exploiting BPOs and helpdesks

SC Media · News · scworld.com · 2026-04-09 18:24 UTC

'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree

The Register Security · News · go.theregister.com · 2026-04-09 17:11 UTC

limited source diversity in top sources

View all evidence

Overview

A newly identified extortion group linked to the Raccoon threat actor has targeted several dozen high-value corporations by exploiting business process outsourcing (BPO) providers and helpdesk systems.

Entities

AdobeRaccoon

Score total

0.84

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

Recent surge in extortion campaigns exploiting BPO and helpdesk vulnerabilities
New attribution by Google to UNC6783/Raccoon actor increases understanding of threat landscape
Timely awareness can aid organizations in strengthening defenses against social engineering

Why it matters

Highlights risks from third-party service providers as attack vectors
Demonstrates ongoing threat from social engineering and phishing in corporate extortion
Potential link to previous high-profile breaches underscores persistent actor activity

LLM analysis

Topic mix: lowPromo risk: lowSource quality: medium

Recurring claims

UNC6783 uses social engineering and phishing to compromise BPOs and helpdesks for extortion

How sources frame it

SC Media: neutral
The Register Security: neutral

All evidence

Actor tied to Raccoon targets 'several dozen' companies by exploiting BPOs and helpdesks

SC Media · scworld.com · 2026-04-09 18:24 UTC

'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree

The Register Security · go.theregister.com · 2026-04-09 17:11 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

SC Media (1)
The Register Security (1)

Top origin domains (this list)

scworld.com (1)
go.theregister.com (1)