Cybersecurity experts have identified a Russian-linked threat actor orchestrating a widespread crypto scam targeting US political figures and tech companies.
The lure is a fake Bitcoin or Ethereum "giveaway": victims are told to send cryptocurrency to a wallet controlled by the scammers in order to receive a larger amount back. The scam is promoted through websites that display counterfeit legal letters and prominent US brand names so that the offer appears credible.
The operators continue to register and deploy new domains for these scams, which puts individuals and organizations at risk if they are not monitoring for lookalike domains that impersonate them.
During the investigation, threat analysts identified a set of suspicious domains (IOFAs, Indicators of Future Attack) registered to a single Russian email address (ek1991@internet.ru). The domains shared several technical characteristics, suggesting they belonged to one scam campaign.
All of them were hosted behind Cloudflare, carried similar content about cryptocurrency, US finance and tech companies, and the upcoming US Presidential Election, and were gated behind CAPTCHAs, which also hinders automated scanning.
Some additionally included a live-chat function. One domain (cryptologic[.]online) stood out: it contained Russian-language content but did not directly spoof any organization or individual.
The sampled domains are an instance of domain spoofing: they impersonate reputable entities such as US politicians and business leaders in order to get users to click malicious links or hand over funds and sensitive information.
The fact that these domains were still live behind Cloudflare at the time of the investigation, despite Cloudflare's abuse-handling efforts, shows how hard it is to take down such campaigns quickly and why organizations need their own monitoring for domains that impersonate them.
The chat function embedded in the scam sites provides tailored instructions for transferring coins. It acts as a gateway, walking each victim through the exact steps of the fraudulent transaction.
According to Silent Push, drawing victims into the chat is what makes the scheme effective: once a victim is engaged in the conversation, they are guided step by step until their digital assets are gone.
The fraudulent domain debate[.]gives employed a deceptive tactic to lend legitimacy to its proposed “giveaways.” Its footer content included fake legal letters, falsely claiming sanction by the SEC, FTC, and DOJ.
This deceptive practice aimed to mislead users into believing that the giveaways were legally approved and secure. By fabricating these letters, the domain sought to instill trust and credibility in its fraudulent activities.
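The two pivots the article describes, a shared registrant email plus shared hosting traits (Cloudflare, CAPTCHA gating, live chat), and the content marker of giveaway wording paired with a claimed SEC/FTC/DOJ sanction, can be combined into a simple triage script. The example below is added here and is not Silent Push's code or tooling; the records are constructed sample data, and only the registrant address and the two domain names it cites come from the article. The `.test` domains are hypothetical.

```python
import re

# Constructed sample records standing in for WHOIS/DNS/page data (not real
# lookups). Only ek1991@internet.ru, debate.gives and cryptologic.online
# come from the article; the .test domains are hypothetical.
RECORDS = [
    {"domain": "debate.gives", "registrant_email": "ek1991@internet.ru",
     "nameservers": ["ada.ns.cloudflare.com", "jim.ns.cloudflare.com"],
     "captcha_gate": True, "live_chat": True,
     "page_text": ("Claim your Bitcoin giveaway today. This promotion is "
                   "sanctioned by the SEC, FTC and DOJ. Send 0.1 BTC to "
                   "receive 0.2 BTC.")},
    {"domain": "cryptologic.online", "registrant_email": "ek1991@internet.ru",
     "nameservers": ["ada.ns.cloudflare.com", "jim.ns.cloudflare.com"],
     "captcha_gate": True, "live_chat": False,
     "page_text": "Crypto news and analysis (Russian-language page)."},
    {"domain": "example-news.test", "registrant_email": "webmaster@example.test",
     "nameservers": ["ns1.example.test"],
     "captcha_gate": False, "live_chat": False,
     "page_text": "Election coverage and market analysis."},
    {"domain": "giveaway-eth.test", "registrant_email": "other@example.test",
     "nameservers": ["kim.ns.cloudflare.com"],
     "captcha_gate": True, "live_chat": True,
     "page_text": "Ethereum giveaway approved by the FTC. Double your ETH now!"},
]

CLOUDFLARE_NS = re.compile(r"\.ns\.cloudflare\.com$", re.I)
# Giveaway lure wording: "giveaway", "double your", or "send <amount> BTC/ETH".
GIVEAWAY = re.compile(r"\b(giveaway|double your|send \d+(\.\d+)? ?(btc|eth))\b", re.I)
# A claim of regulator approval within a few words of an agency acronym.
FAKE_SANCTION = re.compile(r"\b(sanctioned|approved|authori[sz]ed)\b[^.]{0,40}\b(SEC|FTC|DOJ)\b")


def pivot_on_registrant(records, email):
    """Domains whose registrant contact matches the pivot address."""
    return sorted(r["domain"] for r in records
                  if r["registrant_email"].lower() == email.lower())


def behind_cloudflare(record):
    return any(CLOUDFLARE_NS.search(ns) for ns in record["nameservers"])


def content_flags(text):
    """Content markers the article associates with the scam pages."""
    flags = []
    if GIVEAWAY.search(text):
        flags.append("giveaway_lure")
    if FAKE_SANCTION.search(text):
        flags.append("fake_agency_sanction")
    return flags


def score(record, pivot_email):
    """Weighted score: the registrant pivot counts most, content markers next,
    and Cloudflare/CAPTCHA/chat least, since those alone are common on benign sites."""
    points, reasons = 0, []
    if record["registrant_email"].lower() == pivot_email.lower():
        points += 3
        reasons.append("registrant_pivot")
    if behind_cloudflare(record):
        points += 1
        reasons.append("cloudflare")
    if record["captcha_gate"]:
        points += 1
        reasons.append("captcha_gate")
    if record["live_chat"]:
        points += 1
        reasons.append("live_chat")
    for flag in content_flags(record["page_text"]):
        points += 2
        reasons.append(flag)
    return points, reasons


def triage(records, pivot_email, threshold=4):
    """Domains scoring at or above the threshold, with their score and reasons."""
    result = {}
    for r in records:
        points, reasons = score(r, pivot_email)
        if points >= threshold:
            result[r["domain"]] = (points, reasons)
    return result


if __name__ == "__main__":
    for domain, (points, reasons) in triage(RECORDS, "ek1991@internet.ru").items():
        print(f"{domain}: {points} {reasons}")
```

The threshold is deliberately above the sum of the three weak hosting signals, so a site that is merely behind Cloudflare with a CAPTCHA and a chat widget is not flagged on its own; it needs either the registrant pivot or scam content to cross the line. Note that the registrant pivot only works where WHOIS contact data is not redacted, which is why the content markers matter for newly registered domains.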