Friday, December 6, 2024
HomeCyber AttackRedThief Hacker Group Targeting Students in The U.K. to Steal Financial Data

RedThief Hacker Group Targeting Students in The U.K. to Steal Financial Data

Published on

SIEM as a Service

In an activity dubbed RedThief (aka RedZei), Chinese-speaking scammers have been targeting Chinese international students in the UK for more than a year.

There have been numerous reports of scammers calling from a UK phone number once or twice a month leaving a voicemail that is unusual for an automated voicemail and often leaving only one or two messages.

Threat actors use this as one of their main modes of operation. Apart from this here’s what Will Thomas (@BushidoToken), a cybersecurity researcher stated:-

- Advertisement - SIEM as a Service

“A rich victim group that is ripe for exploitation is precisely what RedZei fraudsters used as their targets after careful research and careful selection.”

Aspect and Malicious Tradecrafts of the Operation

There is one remarkable characteristic of this operation, and that is how the threat actors were able to circumvent the steps that users had taken to prevent scam calls.

They do so by preventing the use of a phone number-based blocking system with help of pay-as-you-go UK phone numbers for each wave.

An attacker in this scenario switches between SIM cards from several mobile carriers, including the following ones:-

  • Three
  • O2
  • EE
  • Tesco Mobile
  • Telia

The main purpose of voicemails is to social engineer students into sharing personal information by impersonating companies such as:-

  • Bank of China
  • China Mobile
  • Chinese embassy

“RedZei gang includes leveraging Chinese enterprises, such as the Bank of China or China Mobile (CMLink) to social engineer the international students into providing their personal details.”

Secure Web Gateway – Web Filter Rules, Activity Tracking & Malware Protection – Download Free E-Book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication

Secret Blizzard, a Russian threat actor, has infiltrated 33 command-and-control (C2) servers belonging to...

Sophisticated Celestial Stealer Targets Browsers to Steal Login Credentials

Researchers discovered Celestial Stealer, a JavaScript-based MaaS infostealer targeting Windows systems that, evading detection...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication

Secret Blizzard, a Russian threat actor, has infiltrated 33 command-and-control (C2) servers belonging to...

Deloitte Hacked – Brain Cipher Group Claim to Have Stolen 1 TB of Data

Brain Cipher has claimed to have breached Deloitte UK and exfiltrated over 1 terabyte...

UK Healthcare Provider Hit by Cyberattack, Services Affected

Wirral University Teaching Hospital in the UK has been hit by a targeted cyberattack,...