Group-IB
Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.
#CERT #scam #fakes

The Group-IB Computer Emergency Response Team (CERT-GIB) has been investigating several fake investment schemes which are targeting European citizens. In the course of the research, a gigantic network infrastructure was uncovered and analyzed, which contained over 10,000 rogue resources, including similar fraudulent ones aimed at the inhabitants of the entire Eurasian continent and North America.

The main goal of these schemes is to convince the victims to repeatedly transfer funds to the fake investment portal. The victims are usually promised huge returns on their investments and are shown "how I got rich" stories featuring celebrities.

In our latest blog post we take a deeper dive into the fake investment schemes, showcase a couple of them, including a conversation with the scammers that we managed to record, and provide recommendations for users. Check it out👈
#FightAgainstCybercrime

The aim of this research is to raise awareness about the fake investment scheme and ultimately reduce the number of victims. We encourage cybersecurity researchers and the general public to join the fight against cybercrime and share fraudulent domains with us via "Report an Incident" form at https://www.group-ib.com for further evaluation and takedown.

If you are at the beginning of your journey in cybersecurity and want to become a specialist, check out our educational programs. All our courses and workshops are practice-oriented and include real cases and lab sessions. More details👈
#Classiscam

Group-IB has uncovered that Classiscam — a sophisticated scam-as-a-service operation — has expanded to Singapore in March 2022. Classiscam fraudsters target users of one of the leading classified platforms in Singapore. Scammers posing as legitimate buyers approach sellers with the request to purchase goods from their listings and the ultimate aim of stealing payment data.

Using its extensive scam intelligence on the Classiscam operation and its patented Graph Network Analysis tool, the Group-IB Digital Risk Protection team revealed that the scammers designed a phishing tool that generates fake websites that mimic the official platform of a local classified website used for selling and buying goods. These fake links are generated using web panels or Telegram bots.

In line with its mission of fighting against cybercrime, Group-IB immediately shared its findings about Classiscam with the members of the Singapore Police Force’s Alliance of Public-Private Cybercrime Stakeholders (APPACT) and the local classified website in question.

Learn more about the scheme 👈
#Classiscam

Using its patented Graph Network Analysis tool, Group-IB experts were able to reveal the group of interconnected websites operated by this group of Classiscammers. The whole group’s network included more than 200 domains, 18 of which were created to deceive the users of a Singaporean classified website, including 2 active as of July 19th, 2022.

Other websites in the network impersonate Singaporean moving companies, European, Asian, and Middle Eastern classified websites, banks, marketplaces, food and crypto brands, and delivery companies, which proves Classiscam’s global operations.

❗️Users should always check the domain of the URL to verify that it is the official website before sharing any personal and payment details. When communicating with the other party about the sale of goods or services, use the online chat provided by the official website. Finally, as with conventional scams, do not trust too-good-to-be-true offers.

More details👈
Forwarded from The Hacker News
A sophisticated scam-as-a-service scheme known as "Classiscam" is now targeting Singapore.

Read details: https://t.co/OIhdnnMgTh
#cybersecurity #tips

It is important to follow the cyber safety rules and stay vigilant. However, it is also important to know what to do if you are a victim of cybercrime. Here's a set of recommendations on what steps to take if you've been scammed.
#MaliBot #trojan

👑 Flubot is dead, and the new evil is detected and crowned, the first of his name – MaliBot. MaliBot malware, usually disguised as a cryptocurrency mining application, targets Android devices and uses overlay attacks to outfox MFA/2FA, capture messages and SMS, and steal banking and crypto credentials.

MaliBot operators harness a variety of distribution campaigns: they promote cryptocurrency applications in the form of APKs that victims are supposed to download and install manually; they clone real projects like TheCryptoApp (1M+ downloads on Google Play Store); operators also use smishing (SMS phishing) and other methods to multiply their chances to succeed.

There are at least two major countermeasures to leverage against such fraud attacks. Check out our new blog post to learn more👈

And also take a look at this live demonstration of how Group-IB Fraud Protection stops MaliBot or other similar threats.
#award #cybersecurity

🎉We are proud to announce that Jennifer Soh, Senior Cyber Investigation Specialist, and Kristina Ivanova, Deputy Head of Group-IB’s Cyber Investigations team in Singapore, have been featured in the list of Top 30 Women in Security ASEAN Region!

Both Kristina and Jennifer are passionate about Group-IB’s mission of fighting against cybercrime, which they do on a daily basis. In their roles, they are tasked with identifying and tracking down the most advanced cybercriminal syndicates and helping national police forces in the Asia-Pacific, as well as international law enforcement organizations, bring threat actors to justice. For instance, Kristina and Jennifer assisted in the most recent INTERPOL-led operations codenamed Falcon I, Falcon II, and Delilah.

More details 👈
#APT

The state-sponsored hacker group APT41 (aka BARIUM, Winnti, LEAD, WICKED SPIDER, WICKED PANDA, Blackfly, Suckfly), whose goals are cyber espionage and financial gain, has been active since at least 2007. The Group-IB Threat Intelligence team estimates that in 2021 the threat actors gained access to at least 13 organizations worldwide. While analyzing the group’s malicious campaigns, our experts uncovered interesting adversary techniques and artifacts left by the hackers that point to their origin.

Here are some highlights:

▪️The group’s targets include government and private organizations based in the US, Taiwan, India, Thailand, China, Hong Kong, Mongolia, Indonesia, Vietnam, Bangladesh, Ireland, Brunei, and the UK.

▪️APT41’s “working” days are Monday to Friday. They usually start at 10 AM and finish around 7 PM (UTC+8).

▪️As an initial vector, the group uses web applications vulnerable to SQL injection attacks.

▪️The main tool used in their campaigns is a custom Cobalt Strike Beacon.
#APT #FightAgainstCybercrime

Want to learn more about the notorious APT41 group? Check out our latest blog post which details how the hackers conducted reconnaissance, gained initial access, ensured persistence and moved across the network, as well as what they were looking for on the compromised devices. In the conclusion section, we give advice on how to identify the group’s infrastructure and protect yours. IT directors, heads of cybersecurity teams, SOC analysts and incident response specialists are likely to find this material useful. Read👈

If you are interested in what we do and would like to become an expert in the same field, you can take our Digital Forensics, Incident Response, and Threat Intelligence training courses. Let’s hunt together for the threats, and contribute to the fight against cybercrime — a mission worthy of a superhero. Click the link👈
#phishing #0ktapus

Group-IB has discovered that the recently disclosed phishing attacks on the employees of Twilio and Cloudflare were part of the massive phishing campaign that resulted in 9,931 thousand accounts of over 130 organizations being compromised.

The campaign was codenamed 0ktapus by Group-IB researchers due to the impersonation of a popular Identity and Access Management service. The vast majority of the victims are located in the United States and use Okta’s Identity and Access Management services.

The Group-IB Threat Intelligence team uncovered and analyzed the attackers’ phishing infrastructure, including phishing domains, the phishing kit, and the Telegram channel controlled by the threat actors to drop compromised information.