Tuesday, December 24, 2024

Russian Hackers Registering Domains Targeting US Tech Brands

Researchers are tracking a Russian threat actor deploying domains involved in crypto scams targeting the US Presidential Election and tech brands.

The scams offer double crypto returns for deposits and are designed to deceive users into sending coins to attacker-controlled wallets.

The research identified numerous websites promoting fraudulent giveaways featuring high-profile US individuals and brands, using counterfeit legal letters to enhance their credibility. 

These websites targeted prominent figures like Donald Trump, Kamala Harris, Tim Cook, and others, falsely associating them with the scams.

During a separate investigation, threat analysts discovered IOFA (Indicators of Future Attack) domains registered to a Russian email address (ek1991@internet.ru), suggesting a link to potential scam activities.

Apple spoofing page @ https://apple-event2024[.]com

They identified a cluster of live scam domains sharing key attributes: registration by ek1991@internet.ru, Cloudflare protection, and similar content themes (cryptocurrency, US finance/tech, the 2024 election) with identical body text. The sites employ CAPTCHAs, and some also include chat functionality.

Not every domain in the cluster spoofs an organization or individual. cryptologic.online, for example, features content written in Russian and spoofs no one.

Instead, it appears to be a platform for discussing and analyzing cryptographic techniques and related topics, potentially serving as a resource for individuals interested in cryptology.

Fake FTC letter @ debate[.]gives

The cluster hosts some domains that spoof well-known US politicians and business leaders, and these are likely being used for phishing or other malicious activities.

The chat function on some domains provides step-by-step instructions for transferring cryptocurrency, typically requiring the victim to send a specific amount before receiving the promised payout.

In practice, the victim sends money and receives nothing in return.

chat functionality

The fraudulent footer content on debate[.]gives included fake legal letters from US regulatory bodies, claiming that the giveaways were sanctioned by the SEC, FTC, and DOJ. This is untrue and serves only to lend the proposed giveaways a false air of legitimacy.

Analysts are creating a Silent Push IOFA feed of scam domains for enterprise users to integrate into their security systems.

This feed will enhance detection capabilities and enable investigation of related attacker infrastructure using the Silent Push Console and Feed Analytics screen.
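As an added defender-side illustration (not the researchers' or Silent Push's own code or data), the Python below pivots across two of the attribute types the article describes, registrant email and identical body text, to expand a seed domain into a cluster, emits the cluster as a plain domain feed, and matches DNS resolver log lines against that feed. Every domain, email address, name server and log line in it is a constructed sample value; nothing here is a real indicator.

```python
"""Pivot on shared registration attributes to cluster scam domains, then
match DNS resolver logs against the resulting feed.

All records, domains, addresses and log lines below are constructed
sample data for illustration; none are real indicators.
"""
import hashlib
import re
from collections import defaultdict, deque

# Constructed registration/hosting records (hypothetical, not real domains).
RECORDS = [
    {"domain": "apple-event-sample.invalid",
     "registrant": "scam-registrant@example.invalid",
     "nameserver": "ns1.cloudflare-sample.invalid",
     "body": "Send 0.1 BTC and receive 0.2 BTC back. Giveaway sanctioned by regulators."},
    {"domain": "debate-sample.invalid",
     "registrant": "Scam-Registrant@example.invalid",
     "nameserver": "ns2.cloudflare-sample.invalid",
     "body": "send 0.1 btc  and receive 0.2 btc back.  giveaway sanctioned by regulators."},
    {"domain": "election-crypto-sample.invalid",
     "registrant": "second-registrant@example.invalid",
     "nameserver": "ns1.cloudflare-sample.invalid",
     "body": "Send 0.1 BTC and receive 0.2 BTC back. Giveaway sanctioned by regulators."},
    {"domain": "hobby-blog-sample.invalid",
     "registrant": "second-registrant@example.invalid",
     "nameserver": "ns1.other-dns-sample.invalid",
     "body": "Weekend woodworking notes."},
    {"domain": "unrelated-shop-sample.invalid",
     "registrant": "shop-owner@example.invalid",
     "nameserver": "ns1.cloudflare-sample.invalid",
     "body": "Welcome to our online store."},
]

# Constructed resolver log lines in a simple key=value layout.
DNS_LOG = [
    "2024-12-20T10:01:02Z client=10.0.0.5 query=www.debate-sample.invalid. type=A",
    "2024-12-20T10:01:07Z client=10.0.0.9 query=news.example.invalid. type=AAAA",
    "2024-12-20T10:02:15Z client=10.0.0.5 query=apple-event-sample.invalid. type=A",
    "2024-12-20T10:02:40Z client=10.0.0.12 query=unrelated-shop-sample.invalid. type=A",
    "malformed line that should be skipped",
]


def body_hash(text):
    """Hash body text after collapsing case and whitespace, so copy-pasted
    scam pages hash identically despite cosmetic differences."""
    normalised = " ".join(text.lower().split())
    return hashlib.sha256(normalised.encode()).hexdigest()[:16]


def pivot_keys(record):
    """Attributes strong enough to link two domains. The name server is
    deliberately excluded: shared CDN infrastructure would link unrelated sites."""
    return {("registrant", record["registrant"].lower()),
            ("body", body_hash(record["body"]))}


def cluster_from_seed(records, seed_domain):
    """Breadth-first pivot from a seed domain. Returns {domain: reason} so an
    analyst can review the path by which each domain joined the cluster."""
    by_domain = {r["domain"]: r for r in records}
    if seed_domain not in by_domain:
        raise ValueError(f"seed domain not in records: {seed_domain}")
    index = defaultdict(set)
    for r in records:
        for key in pivot_keys(r):
            index[key].add(r["domain"])
    reasons = {seed_domain: "seed"}
    queue = deque([seed_domain])
    while queue:
        current = queue.popleft()
        for key in pivot_keys(by_domain[current]):
            for other in index[key]:
                if other not in reasons:
                    reasons[other] = f"{key[0]}={key[1]} via {current}"
                    queue.append(other)
    return reasons


def build_feed(records, seed_domain):
    """Flatten the cluster into a sorted domain list suitable for a blocklist feed."""
    return sorted(cluster_from_seed(records, seed_domain))


LOG_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<qname>\S+) type=(?P<qtype>\S+)$")


def match_dns_logs(lines, feed):
    """Return (timestamp, client, queried name, matched feed entry) for every
    query that is a feed domain or a subdomain of one. Malformed lines are skipped."""
    feed_set = {d.lower().rstrip(".") for d in feed}
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        qname = m["qname"].lower().rstrip(".")
        labels = qname.split(".")
        # Walk from the full name up to the registrable domain; never match a bare TLD.
        for i in range(len(labels) - 1):
            candidate = ".".join(labels[i:])
            if candidate in feed_set:
                hits.append((m["ts"], m["client"], qname, candidate))
                break
    return hits


if __name__ == "__main__":
    for domain, why in cluster_from_seed(RECORDS, "apple-event-sample.invalid").items():
        print(f"{domain:35} {why}")
    for hit in match_dns_logs(DNS_LOG, build_feed(RECORDS, "apple-event-sample.invalid")):
        print("HIT", *hit)
```

The design choice worth noting is which attributes are allowed to link domains. Registrant email and an identical normalised page body are strong pivots; a Cloudflare name server, although part of the cluster's profile in the article, is recorded but never used to link, because infrastructure shared by millions of sites would pull unrelated domains into the feed. Each domain carries the pivot that admitted it, so a transitive hop (here, the hobby blog that shares only a registrant with one scam site) can be reviewed before the feed is pushed to a resolver or SIEM.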
