Threat Intelligence Report

Welcome to BlackFile: Inside a Vishing Extortion Operation | Google Cloud Blog

📅 May 16, 2026 📰 cloud.google.com 🔍 0 CVE(s) referenced

The BlackFile extortion group (UNC6671) leveraged sophisticated vishing and adversary-in-the-middle attacks to bypass MFA, compromise SSO accounts, and automate massive SaaS data theft for high-pressure extortion, underscoring the urgent need for phishing-resistant authentication and enhanced cloud security monitoring.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle