Saturday, June 15, 2024

RedThief Hacker Group Targeting Students in The U.K. to Steal Financial Data

In an activity dubbed RedThief (aka RedZei), Chinese-speaking scammers have been targeting Chinese international students in the UK for more than a year.

Numerous reports describe the scammers calling from a UK phone number once or twice a month and leaving a voicemail that is unusual for an automated message, often leaving only one or two messages.

Threat actors use this as one of their main modes of operation. Apart from this, here is what Will Thomas (@BushidoToken), a cybersecurity researcher, stated:

“A rich victim group that is ripe for exploitation is precisely what RedZei fraudsters used as their targets after careful research and careful selection.”

Aspects and Malicious Tradecraft of the Operation

One remarkable characteristic of this operation is how the threat actors were able to circumvent the steps that users had taken to prevent scam calls.

They do so by using pay-as-you-go UK phone numbers for each wave, which defeats phone number-based blocking systems.

An attacker in this scenario switches between SIM cards from several mobile carriers, including the following:

  • Three
  • O2
  • EE
  • Tesco Mobile
  • Telia

The main purpose of the voicemails is to social engineer students into sharing personal information by impersonating organizations such as:

  • Bank of China
  • China Mobile
  • Chinese embassy

“RedZei gang includes leveraging Chinese enterprises, such as the Bank of China or China Mobile (CMLink) to social engineer the international students into providing their personal details.”

Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
