Cyber Threat Actor: Vishers
| Actor Type | Location | Known Incidents |
Criminal
|
United States of America
|
1 incident |
|---|
Profile
Vishers is a threat actor known by that alias and is located in the United States of America. The actor has been observed targeting clients of financial institutions, specifically wealth management services, within the United States. In February 2022, Vishers conducted a series of voice phishing calls in which they impersonated representatives of Morgan Stanley Wealth Management to deceive account holders into revealing their online credentials. After obtaining the credentials, the actors accessed the compromised accounts and initiated unauthorized electronic fund transfers through the Zelle payment service. Morgan Stanley responded by disabling the affected accounts, implementing additional verification procedures for the impacted clients, and confirming that its internal systems were not compromised during the incident. The activity followed a separate data exposure event that originated from a third‑party vendor’s compromised file transfer appliance, although no public attribution links that prior exposure to Vishers.
The observed tactics of Vishers rely primarily on social engineering via voice communication, with no publicly reported use of malware families or custom tooling beyond the impersonation and credential harvesting steps. The actor’s tooling style appears focused on leveraging legitimate communication channels to gain access, followed by the abuse of legitimate payment platforms for monetary transfer. No public sources have established a clear state nexus, criminal consortium affiliation, or other attribution details for Vishers, leaving the actor’s broader associations undetermined. The Morgan Stanley incident represents the most notable and publicly documented operation associated with this alias, illustrating a pattern of financially oriented social engineering aimed at illicit fund movement.
