Looks Like Russian Hackers Are on an Email Scam Spree

For years, costly email grifts have largely been the province of West African scammers, particularly those based in Nigeria. A newly discovered "business email compromise" campaign, though, appears to come from a criminal group in a part of the world better known for a different brand of online mayhem: Russia.


Dubbed "Cosmic Lynx," the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations in 46 countries. Cosmic Lynx specializes in topical, tailored scams related to mergers and acquisitions; the group typically requests hundreds of thousands or even millions of dollars as part of its hustles. The researchers, who have worked extensively on tracking Nigerian BEC scammers, say they don't have a clear sense of how often Cosmic Lynx actually succeeds at obtaining a payout. Given that the group hasn't lowered its asks in a year, though, and has been prolific about developing new campaigns—including some compelling Covid-19-related scams—Agari reasons that Cosmic Lynx must be raking in a fair amount of money.


"Most Eastern European and Russian hackers have been so entrenched in malware campaigns and technically sophisticated infrastructure that as long as there are returns they don’t need to adapt," says Crane Hassold, senior director of threat research at Agari and a former digital behavior analyst for the Federal Bureau of Investigation. "But defenses against technically sophisticated attacks have gotten significantly better, and they're realizing that the return on investment for these social engineering-based attacks is much higher."

West African scammers typically run their BEC campaigns off of rented or free cloud infrastructure using free email accounts. They have increasingly branched out into u ..
