Skip to content
The Nexus
DossierENTITY

BlackFile

Coverage of BlackFile in the Nexus archive.

Earliest in view: Apr 24 · 18:26 UTCMost recent: Jun 4 · 22:16 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 4 · 22:16 UTCTHE REGISTER
    Pink is the latest goon squad to use fake helpdesk calls to steal creds

    Pink, a new extortion group possibly rebranded from BlackFile, uses voice phishing and fake helpdesk calls to steal credentials and extort organizations. Palo Alto Networks' Unit 42 and Google Threat Intelligence debate whether Pink is a new threat or an evolution of UNC6671, with similar tactics to groups like Lapsus$ and Scattered Spider.

  • SECURITYMay 1 · 14:26 UTCTHE HACKER NEWS
    Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

    Cybersecurity researchers have identified two cybercrime groups, Cordial Spider and Snarky Spider, using vishing and SSO abuse to conduct rapid, high-impact SaaS extortion attacks. These groups operate within SaaS environments, stealing data quickly while leaving minimal traces.

  • SECURITYApr 27 · 14:18 UTCCYBERSCOOP
    BlackFile actively extorting data-theft victims in retail and hospitality sector

    BlackFile, a cyber extortion group linked to The Com, is targeting retail and hospitality organizations via voice-phishing and social engineering to steal data and demand ransoms. The group, tracked under aliases like CL-CRI-1116 and Cordial Spider, uses SaaS environments and data-leak sites to pressure victims, with attacks ongoing since February 2025.

  • SECURITYApr 24 · 18:26 UTCBLEEPING COMPUTER
    New BlackFile extortion group linked to surge of vishing attacks

    A new financially motivated hacking group named BlackFile has been linked to a surge of vishing attacks targeting retail and hospitality organizations since February 2026. The group is associated with data theft and extortion campaigns, exploiting these sectors to maximize financial gain.

BlackFile · Dossier · The Nexus