
Russian Hackers Target US Tech Giants with Fake Domains

Cybersecurity experts have identified a Russian-linked threat actor orchestrating a widespread crypto scam targeting US political figures and tech companies. 

The attackers use fake Bitcoin and Ethereum giveaways to lure victims into sending cryptocurrency to fraudulent wallets. The giveaways are promoted through websites that feature counterfeit legal letters and prominent US brand names to enhance their credibility.

The threat actors are actively deploying domains associated with these scams, which poses a significant risk to individuals and organizations unaware of the campaign.

Donald Trump spoofing page @ https://musk.trump[.]io

During an investigation, threat analysts identified suspicious domains (IOFAs) registered to a Russian email address (ek1991@internet.ru). The domains shared several technical characteristics, suggesting they were part of a scamming campaign.

They were all hosted behind Cloudflare, contained similar content related to cryptocurrency, US finance/tech, and the upcoming US Presidential Election, and were hidden behind CAPTCHAs. 

Presidential debate/Tesla spoofing page

Additionally, some included chat functionalities. Interestingly, one domain (cryptologic[.]online) contained Russian content but wasn’t directly spoofing any organizations or individuals.  
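The pivot described above (one registrant email, Cloudflare hosting, shared content themes, CAPTCHAs), sketched as an added example that is not code from the article or from Silent Push. The record fields, keyword lists, thresholds and sample domains are constructed assumptions.

```python
import re
from collections import defaultdict

# Keyword themes paraphrased from the article; the word lists are assumptions.
THEMES = {
    "crypto": {"bitcoin", "ethereum", "crypto"},
    "us_finance_tech": {"tesla", "sec", "ftc"},
    "election": {"election", "debate", "presidential"},
}

def traits(rec):
    """Return the campaign traits a single domain record exhibits."""
    found = set()
    # Assumption: Cloudflare-managed nameservers stand in for "behind Cloudflare".
    if any(ns.lower().rstrip(".").endswith(".ns.cloudflare.com")
           for ns in rec["nameservers"]):
        found.add("cloudflare")
    if rec["has_captcha"]:
        found.add("captcha")
    words = set(re.findall(r"[a-z]+", rec["page_text"].lower()))
    found.update(theme for theme, kws in THEMES.items() if words & kws)
    return found

def cluster_by_registrant(records, min_traits=3, min_domains=2):
    """Group by registrant email; split each group into matched and review."""
    groups = defaultdict(lambda: {"matched": [], "review": []})
    for rec in records:
        bucket = "matched" if len(traits(rec)) >= min_traits else "review"
        groups[rec["registrant_email"].strip().lower()][bucket].append(rec["domain"])
    # Report a registrant only when several of its domains fit the pattern.
    return {email: {k: sorted(v) for k, v in g.items()}
            for email, g in groups.items() if len(g["matched"]) >= min_domains}

# Constructed sample records (reserved .example names, not real indicators).
CF = ["ada.ns.cloudflare.com", "bob.ns.cloudflare.com"]
SAMPLE = [
    {"domain": "giveaway-one.example", "registrant_email": "Reg@example.net",
     "nameservers": CF, "has_captcha": True,
     "page_text": "Presidential debate Bitcoin giveaway from Tesla"},
    {"domain": "giveaway-two.example", "registrant_email": "reg@example.net",
     "nameservers": CF, "has_captcha": True,
     "page_text": "Ethereum event approved by SEC and FTC"},
    {"domain": "other-site.example", "registrant_email": "reg@example.net",
     "nameservers": CF, "has_captcha": False, "page_text": "Новости"},
    {"domain": "unrelated.example", "registrant_email": "b@example.org",
     "nameservers": ["ns1.host.example"], "has_captcha": False,
     "page_text": "Bitcoin price news"},
]

if __name__ == "__main__":
    print(cluster_by_registrant(SAMPLE))
```

Domains from the same registrant that do not fit the content pattern land in `review` rather than being dropped, which is where a non-spoofing site like the Russian-language one mentioned above would surface.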

The sampled domains demonstrate domain spoofing: they impersonate reputable entities such as US politicians and business leaders, potentially aiming to deceive users into clicking on malicious links or divulging sensitive information.

Fake DOJ letter @ debate[.]gives

The continued presence of these domains, despite Cloudflare’s efforts, highlights the ongoing challenge of combating sophisticated cyber attacks and the need for robust security measures to protect users from online threats.

The scammers have employed a chat function within their domain to provide tailored instructions for transferring coins. The chat acts as a gateway, guiding victims through the specific steps required for the fraudulent transaction.

According to Silent Push, scammers are able to effectively draw victims into their carefully orchestrated scheme by having them participate in the chat, which ultimately results in the victims losing their digital assets.

Messages from the scammers

The fraudulent domain debate[.]gives employed a deceptive tactic to lend legitimacy to its proposed “giveaways.” Its footer content included fake legal letters, falsely claiming sanction by the SEC, FTC, and DOJ. 

This deceptive practice aimed to mislead users into believing that the giveaways were legally approved and secure. By fabricating these letters, the domain sought to instill trust and credibility in its fraudulent activities.
