CrowdStrike says The Com-affiliated threat groups are using voice phishing and fake SSO pages to break into SaaS environments and steal data fast for extortion.

Some attackers, which researchers link to The Com, have swatted company executives to increase leverage and pressure victims to pay their ransom demands.