RansomwareJun 3, 2026
We are tracking Pink (CL-CRI-1147), a new Com-affiliated extortion brand whose leak site went liv...
Pink, new Com-affiliated extortion group, launches leak site targeting enterprise cloud storage via credential phishing.
Summary
A newly tracked threat group called Pink (CL-CRI-1147), affiliated with the Com ransomware operation, has launched a leak site as of May 31, 2026. The group uses vishing and IT impersonation tactics to harvest credentials and MFA bypass techniques, then exfiltrates enterprise cloud storage and productivity data for extortion purposes.
Indicators of Compromise
- malware — Pink
- malware — Com
Entities
Pink (CL-CRI-1147) (threat_actor)Com ransomware operation (campaign)