How a New Vishing Extortion Crew Is Weaponizing Personal Data — and Why Privacy Hygiene Is a Frontline Defense

The phone call that starts the breach

In early 2026 a mid-sized North American company watched more than a million SharePoint files vanish in hours. The intrusion didn’t start with a zero‑day or a misconfigured firewall — it started with a single phone call to an employee’s personal cell number, a piece of information the attacker shouldn’t have had.

That call was the opening move for UNC6671, a financially motivated group operating publicly as “BlackFile.” According to the Google Threat Intelligence Group (GTIG), BlackFile has hit dozens of organizations across North America, Australia, and the UK, using vishing (voice phishing), SSO compromise, and automated SaaS exfiltration to steal terabytes of corporate data. This attack model forces security and privacy teams to rethink what counts as “personal information” in their threat model.

Who is BlackFile (UNC6671)?

GTIG (Mandiant) introduced BlackFile in a May 2026 report. Key points:

  • Tracked as UNC6671, using the “BlackFile” brand.

  • Active since early 2026, with a data‑leak site (DLS) launched February 6, 2026.

  • Targets Microsoft 365 and Okta identity environments, then pivots to SharePoint, OneDrive, Zendesk, and Salesforce.

  • Initial access is almost entirely social engineering, not technical vulnerabilities.

  • Briefly adopted the ShinyHunters name for credibility; GTIG assesses the operations are independent.

The DLS went dark in late April 2026 and briefly reappeared May 11 with a single message: “BlackFile is shutting down… under this name.” Mandiant believes this signals a rebrand rather than retirement — a common pattern in extortion groups.

The attack chain: Vishing → SSO compromise → mass exfiltration

Step 1: IT help‑desk pretext

Operators call employees on personal cell phones to bypass corporate channels and enterprise security tooling. The caller poses as internal IT and claims a “mandatory migration to passkeys” or “required MFA update.” Because the call happens on a personal line, the pretext feels routine and trusted.

Step 2: Adversary‑in‑the‑middle MFA bypass

Victims are sent to lookalike SSO portals hosted on fresh subdomains (examples documented by Mandiant include <organization>.enrollms[.]com and <organization>.setupsso[.]com). When the employee enters credentials, the attacker forwards them to the real SSO in real time. The legitimate MFA challenge is then approved by the victim — believing they’re completing the requested setup — and the attacker immediately registers their own MFA device for persistence.

Step 3: Scripted SaaS exfiltration

Once inside, BlackFile moves from manual browsing to automated, API‑driven theft using Microsoft Graph, PowerShell, and python-requests. They search SharePoint and OneDrive for keywords like “confidential” and “SSN,” streaming files to attacker infrastructure. GTIG observed cases with over a million files exfiltrated from a single tenant. Much of this activity logs as FileAccessed rather than FileDownloaded — a common SOC blind spot, since “accessed” is often treated as benign.

Industry data confirms this trend. Palo Alto Networks’ 2026 Unit 42 report found identity weaknesses in nearly 90% of investigations and that the fastest intrusions now reach exfiltration in as little as 72 minutes.

Step 4: Extortion at scale

After exfiltration, BlackFile sends unbranded ransom notes via programmatically generated consumer email accounts and directs victims to contact them via Tox or Session. Demands start in the millions and often negotiate down to low six figures. If victims refuse, the group escalates with mass spam, threatening voicemails to executives, and in extreme cases, swatting — turning an IT incident into a personal‑safety crisis.

Why personal data exposure is an enterprise risk

BlackFile’s success depends on details most organizations don’t track: employees’ personal data on the open web and in data‑broker feeds.

What attackers need:

  • A personal cell number to bypass corporate communications.

  • Enough context (name, role, employer, manager, recent travel) to make the IT pretext plausible.

  • Home addresses, family details, or vehicle data to support harassment or swatting.

These data points are widely available across hundreds of broker sites. The FBI has warned that brokered PII and harvested personal data are being weaponized to “establish rapport” before account takeover; a December 2025 PSA added that AI‑cloned voices combined with personal data make these attacks nearly indistinguishable from legitimate contact.

Palo Alto’s Unit 42 found social engineering was the top initial access vector in 36% of incidents (May 2024–May 2025), with callback/voice techniques in 23% and internal impersonation in 45% of cases. Two‑thirds of these attacks targeted privileged accounts — finance leaders, IT admins, and executives — whose personal information is often indexed across public sites.

In short: your attack surface now includes the open‑web exposure of every person who can log into your SSO.

What defenders should do now

Mandiant’s BlackFile guidance outlines strong technical controls:

  • Deploy phishing‑resistant MFA. FIDO2 security keys and passkeys defeat the adversary‑in‑the‑middle technique BlackFile uses. Push and SMS are insufficient.

  • Monitor IdP logs for system.multifactor.factor.setup events following failed or abandoned MFA challenges — a telltale of attacker‑registered devices.

  • Treat FileAccessed with suspicion when the User‑Agent is a programming library (python‑requests, PowerShell, Go), and elevate it to the same severity as FileDownloaded.

  • Alert on logins from commercial VPN and hosting provider IPs outside an employee’s normal geography.

  • Audit SaaS API activity for high‑volume access bursts that exceed human browsing capacity.

Palo Alto’s recommendations mirror this: harden identity, instrument SaaS telemetry, and reduce standing privilege for any single account.
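As an added example (not from the article, Mandiant, or Palo Alto), the following detection logic implements two of the signals above over constructed sample events: a factor enrolment shortly after a failed MFA challenge, and FileAccessed records from a programming-library User-Agent or in a per-user burst beyond human browsing speed. Field names, the failed-challenge event type, and the burst threshold are assumptions; only system.multifactor.factor.setup and FileAccessed come from the guidance.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LIBRARY_AGENTS = ("python-requests", "powershell", "go-http-client")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed Okta-style events (hypothetical). Only system.multifactor.factor.setup
# is named in the article; the failed-challenge event name is an assumption.
OKTA_SAMPLE = [
    {"ts": "2026-03-02T14:00:05Z", "actor": "jdoe", "eventType": "user.authentication.auth_via_mfa", "outcome": "FAILURE"},
    {"ts": "2026-03-02T14:03:40Z", "actor": "jdoe", "eventType": "system.multifactor.factor.setup", "outcome": "SUCCESS"},
    {"ts": "2026-03-02T09:00:00Z", "actor": "asmith", "eventType": "system.multifactor.factor.setup", "outcome": "SUCCESS"},
]

# Constructed M365 audit-log-style records: 150 scripted FileAccessed reads in
# 30 seconds from one account, plus a few ordinary browser reads from another.
M365_SAMPLE = [
    {"CreationTime": f"2026-03-02T14:10:{i // 5:02d}Z", "Operation": "FileAccessed",
     "UserId": "victim@corp.example", "UserAgent": "python-requests/2.31"} for i in range(150)
] + [
    {"CreationTime": f"2026-03-02T14:1{i}:00Z", "Operation": "FileAccessed",
     "UserId": "normal@corp.example", "UserAgent": "Mozilla/5.0"} for i in range(3)
]

def suspicious_factor_setups(events, window=timedelta(minutes=10)):
    """Return (actor, ts) for factor enrolments within `window` after that actor failed MFA."""
    failed, hits = defaultdict(list), []
    for e in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.strptime(e["ts"], TS_FMT)
        if e["eventType"] == "user.authentication.auth_via_mfa" and e["outcome"] == "FAILURE":
            failed[e["actor"]].append(ts)
        elif e["eventType"] == "system.multifactor.factor.setup":
            if any(ts - f <= window for f in failed[e["actor"]]):
                hits.append((e["actor"], e["ts"]))
    return hits

def scripted_file_access(events, burst=100):
    """Map user -> reasons: library User-Agent on FileAccessed, or >= `burst` reads in one minute."""
    flagged, per_minute = {}, defaultdict(int)
    for e in events:
        if e["Operation"] != "FileAccessed":
            continue
        user = e["UserId"]
        if any(a in e.get("UserAgent", "").lower() for a in LIBRARY_AGENTS):
            flagged.setdefault(user, set()).add("library-user-agent")
        per_minute[(user, e["CreationTime"][:16])] += 1  # bucket reads by minute
    for (user, _), n in per_minute.items():
        if n >= burst:
            flagged.setdefault(user, set()).add("access-burst")
    return {u: sorted(r) for u, r in flagged.items()}
```

Both functions return findings rather than printing them, so they can feed a SIEM rule or a ticket directly; tune `window` and `burst` to the tenant's observed baseline.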

But these are post‑call controls. They don’t stop a stranger who already has your CFO’s cell number and family details from making the call that starts the breach.

Pre‑attack defense: shrink the personal data footprint

This is the layer most organizations underinvest in — and it’s precisely what Priwall by mePrism addresses.

Priwall continuously identifies employees’ personal information across the data‑broker ecosystem — cell numbers, home addresses, relatives, employer history, and lifestyle data — and systematically removes it. The objective isn’t perfect invisibility; it’s raising the cost and effort for attackers so targeting becomes uneconomic.

That approach has gained serious industry traction. Charles Carmakal, CTO of Mandiant Consulting at Google Cloud and a lead author on the BlackFile disclosure, serves as an advisor to Priwall. His involvement signals that personal‑data exposure is now understood as an enterprise infrastructure risk on par with identity and endpoint security.

For BlackFile‑style operators the calculus is simple:

  • If an employee’s personal cell, address, and family details are discoverable within minutes via broker queries, the IT pretext succeeds.

  • If those data points are purged from broker sites, attackers must invest far more effort per target or seek softer targets.

This aligns with Unit 42’s “high‑touch compromise” pattern: attackers escalate to voice tactics only when they have enough personal context to make the call convincing. Remove the context, and the high‑touch model breaks down.

Privacy hygiene as a security control

BlackFile is not the first vishing extortion crew, and it won’t be the last. The tradecraft — calling personal phones, exploiting passkey migration anxiety, and streaming SaaS data through legitimate APIs — is now established across criminal groups.

Defending against identity‑centric extortion requires layered investment:

  • phishing‑resistant MFA,

  • SaaS telemetry,

  • identity hardening, and

  • SOC playbooks that treat FileAccessed events seriously.

It also requires something many enterprises have never formally addressed: reducing the personal‑data attack surface of their employees. Given the trajectory documented by Mandiant, Unit 42, and the FBI, treating a service like Priwall as a baseline control alongside MFA and EDR is reasonable. These adversaries aren’t breaking your software — they’re exploiting personal information that should never have been public.

The faster you shrink that footprint, the harder it is for an attacker to make the call that starts a breach.

Ready to try Priwall by mePrism yourself?

If you are an individual executive evaluating personal coverage outside an employer-funded program, you can start with a free exposure scan.

Sign up for Priwall by mePrism coverage.

By Thomas Daly, CEO, mePrism Privacy. Thomas leads mePrism Inc., the company behind Priwall by mePrism, and writes regularly on consumer privacy regulation and the B2B economics of data-broker removal.
