3AM Ransomware Gang Launches Email Bombing Attacks

Threat actors affiliated with the 3AM ransomware group have deployed highly targeted intrusion techniques in early 2024, including email bombing and impersonation of IT support personnel, according to a report from BleepingComputer. The attackers used email bombing — a tactic involving a flood of irrelevant emails — to obscure critical security alerts and distract potential victims. Simultaneously, they staged fake IT support calls to gain unauthorized access to systems, increasing the effectiveness of their campaigns.

The dual-pronged approach indicates a strategic shift by the 3AM operation toward more sophisticated social engineering and obfuscation methods. These tactics were observed primarily during the first quarter of the year, suggesting a pattern of coordinated activity. While the full scope of the intrusions remains unclear, the use of such techniques highlights the evolving threat landscape posed by ransomware groups. Organizations are advised to remain vigilant and reinforce both technical defenses and employee awareness to counter these emerging threats.