Cyber Security News

Russian Hackers Registering Domains Targeting US Tech Brands

Researchers are tracking a Russian threat actor deploying domains involved in crypto scams targeting the US Presidential Election and tech brands.

The scams offer double crypto returns for deposits and are designed to deceive users into sending coins to attacker-controlled wallets.

The research identified numerous websites promoting fraudulent giveaways featuring high-profile US individuals and brands, using counterfeit legal letters to enhance their credibility. 

These websites targeted prominent figures like Donald Trump, Kamala Harris, Tim Cook, and others, falsely associating them with the scams.

During a separate investigation, threat analysts discovered IOFA domains registered to a Russian email address (ek1991@internet.ru), suggesting a link to potential scam activities.  

Apple spoofing page @ https://apple-event2024[.]com

They identified a cluster of live scam domains sharing key attributes: registration by ek1991@internet.ru, Cloudflare protection, and similar content themes (cryptocurrency, US finance/tech, 2024 election) with identical body text, which employ CAPTCHAs and some even include chat functionality.

No organizations or individuals are directly involved in the spoofing of any websites, including cryptologic.online, which features content written in Russian. 

Instead, it appears to be a platform for discussing and analyzing cryptographic techniques and related topics, potentially serving as a resource for individuals interested in cryptology.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Free Registration

Fake FTC letter @ debate[.]gives

The cluster hosts some domains that spoof well-known US politicians and business leaders, likely being used for phishing or other malicious activities.

The chat function on some domains provides step-by-step instructions for transferring cryptocurrency, often requiring the victim to send a specific amount of cryptocurrency before receiving a promised payout. 

This method leads victims to believe that they are sending money without receiving anything in return.

chat functionality

The fraudulent footer content in debate[.]gives included fake legal letters from US regulatory bodies, falsely legitimizing the proposed giveaways, which claimed that the giveaways were sanctioned by the SEC, FTC, and DOJ, which is untrue.

Analysts are creating a silent push IOFA feed of scam domains for enterprise users to integrate into their security systems.

This feed will enhance detection capabilities and enable investigation of related attacker infrastructure using the Silent Push Console and Feed Analytics screen.

Analyse AnySuspicious Links Using ANY.RUN's New Safe Browsing Tool: Try It for Free

Aman Mishra

Recent Posts

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions…

10 hours ago

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…

1 day ago

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the initial…

1 day ago

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store, which…

1 day ago

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target employees…

1 day ago

New Python NodeStealer Attacking Facebook Business To Steal Login Credentials

NodeStealer, initially a JavaScript-based malware, has evolved into a more sophisticated Python-based threat that targets…

1 day ago