Cybercrime Groups Exploit Vishing and SSO Abuse for Rapid SaaS Data Theft

Cybersecurity researchers have identified two cybercrime groups, Cordial Spider (also known as BlackFile, CL-CRI-1116, O-UNC-045, and UNC6671) and Snarky Spider (also known as O-UNC-025 and UNC6661), conducting rapid, high-impact attacks within SaaS environments. These attacks involve vishing (voice phishing) and SSO (Single Sign-On) abuse to facilitate high-speed data theft while minimizing detectable traces. The operations are characterized by their speed and focus on extortion within cloud-based platforms. No specific dates, CVE IDs, or technical attack vectors beyond vishing and SSO abuse were disclosed in the reported findings.