{"id":4100,"date":"2025-05-21T06:06:21","date_gmt":"2025-05-21T06:06:21","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/05\/21\/a-familiar-playbook-with-a-twist-3am-ransomware-actors-dropped-virtual-machine-with-vishing-and-quick-assist\/"},"modified":"2025-05-21T06:06:21","modified_gmt":"2025-05-21T06:06:21","slug":"a-familiar-playbook-with-a-twist-3am-ransomware-actors-dropped-virtual-machine-with-vishing-and-quick-assist","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/05\/21\/a-familiar-playbook-with-a-twist-3am-ransomware-actors-dropped-virtual-machine-with-vishing-and-quick-assist\/","title":{"rendered":"A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist"},"content":{"rendered":"<p>    A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>Another adversary picks up the email bombing \/ vishing Storm-1811 playbook, doing thorough reconnaissance to target specific employees with fake help desk call\u2014this time, over the phone.<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    gallagherseanm<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/news.sophos.com\/en-us\/2025\/05\/20\/a-familiar-playbook-with-a-twist-3am-ransomware-actors-dropped-virtual-machine-with-vishing-and-quick-assist\/\">Go to sophos<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist Another adversary picks up the email bombing \/ vishing Storm-1811 playbook, doing thorough reconnaissance to target specific employees with fake help desk call\u2014this time, over the phone. gallagherseanm Go to sophos<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1303,1304,1305,1306,100,58,110,1307],"tags":[59],"class_list":["post-4100","post","type-post","status-publish","format-standard","hentry","category-3am-ransomware","category-blackbasta-leaks","category-email-bombing","category-quick-assist-abuse","category-security-operations","category-sophos","category-threat-research","category-vishing","tag-sophos"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/4100"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=4100"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/4100\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=4100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=4100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=4100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}