Cybersecurity researchers have identified an active social engineering campaign that began in late April 2024, targeting enterprises through spam emails and phone calls.

The campaign's objective is to bypass email security and coerce users into installing software that allows for remote access and additional malware downloads for credential theft and sustained access.

Attackers are using Cobalt Strike beacons and remote access trojans to infiltrate networks, with connections to the Black Basta ransomware operators.

A separate LockBit Black ransomware campaign utilizes the Phorpiex botnet to spread ransomware via email.

The Mallox ransomware group exploits Microsoft SQL servers, operates on a ransomware-as-a-service model, and uses a double extortion tactic, targeting various industries.