Analysis of the BazaCall/BazarCall Phishing Method

The US Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) released this Analyst Note with insight into BazaCall campaigns in the healthcare sector. Even though the analysis is focused on the Healthcare and Public Health (HPH) Sector, all agencies and organizations are encouraged to review the information contained in the Analyst Note.

Operating since as early as 2000, the threat actors behind BazaCall (also known as BazarCall), an advanced social engineering method, have been observed using multiple tactics, techniques, and procedures (TTPs) to breach targeted networks and lure unsuspecting victims into downloading malware. Many of these threat groups are offshoots of the defunct, notorious Russia-linked Conti gang, known to have aggressively targeted the HPH sector. These groups have since adopted and independently developed their own targeted phishing tactics, which continue to evolve.
 
This HC3 Analyst Note provides an overview and examination of these groups, their TTPs, target industries and victim countries, impact on the HPH sector, indicators of compromise, and recommended defenses and mitigations. This advisory is being provided to assist all agencies and organizations in guarding against the persistent malicious actions of cyber criminals.