LARVA-208 is a threat actor known for sophisticated spear-phishing attacks since June 2024, using smishing and vishing tactics to install RMM software on victims' machines. Their methods include creating phishing sites to harvest VPN credentials and using fake calls or messages to divert victims to malicious links. After gaining access, they deploy data stealers and ransomware. They have compromised over 618 organizations and are often linked to LARVA-148 for domain acquisitions. LARVA-208 exemplifies advanced, targeted attack strategies that emphasize social engineering and evasion of security measures, and poses an ongoing threat to corporate networks.
https://catalyst.prodaft.com/public/report/larva-208/overview