Russian BEC Ring Targets Many Multinational Organizations

Over the past year, a Russian cybercrime group has launched over 200 business email compromise (BEC) campaigns targeting multinational organizations.


Referred to as Cosmic Lynx, the threat actor has targeted individuals in 46 countries on six continents, nearly all of whom were employees of Fortune 500 or Global 2000 companies.


“Even employees in countries not typically seen in phishing campaign targeting sets, like Namibia and Mongolia, were targeted by Cosmic Lynx,” email security company Agari explains in a new report.


The group mainly focused on senior-level executives, with three quarters of the targets holding titles such as managing director, vice president, or general manager. Other targeted positions include subsidiary or country-level CEO, president, and CFO.


As part of their attacks, the hackers use a dual impersonation scheme. Impersonating a company’s CEO, the group asks the targeted employee to coordinate payments for the acquisition of an Asian company. Additionally, they hijack the identity of an attorney at a legitimate law firm in the UK, and leverage it to facilitate the fake acquisition.


The stolen funds are mainly sent to mule accounts in Hong Kong, but the threat actor has also used secondary accounts in Hungary, Portugal, and Romania. However, the group appears to avoid using secondary mule accounts in the United States.


Unlike other BEC fraudsters who typically ask for an average amount of $55,000 to be wired to mule accounts, Cosmic Lynx asks for hundreds of thousands or even millions of dollars, Agari points out.


Cosmic Lynx is aware of an organization’s use of DMARC. While it typically directly spoofs CEO email addresses, the grou ..
