Sophisticated Russian BEC Group Targets Multinationals

Security company Agari has unearthed a massive Russian business email compromise (BEC) operation that it says has been operating under the radar for at least a year. The group, nicknamed Cosmic Lynx, targets large multinational companies, the security researchers said.



Detailing the group's activities in a report this week, Agari said that it had been involved in over 200 BEC campaigns since July 2019. It believes that Cosmic Lynx has targeted senior executives in 46 countries spanning six continents.



Cosmic Lynx's modus operandi is more sophisticated than that of many BEC groups, using what Agari calls a dual impersonation scheme. The attacks begin with an email supposedly from a senior executive at the target company to an employee, informing them of an attempt to take over a company in Asia. The email says that the employee is the only person entrusted with this information and asks them to manage the acquisition.



The scammers then introduce the victim to a lawyer who is supposed to be coordinating the acquisition payment. The lawyer arranges for the payment—often running into millions of dollars—to be sent to a mule account in Hong Kong. Cosmic Lynx impersonates a real UK-based lawyer in its emails, spoofing the law firm's address with a similar-looking domain name.



The group uses excellent English in its emails, unlike many BEC scams, notes Agari. It is also fastidious about its infrastructure. It registers domains that provide an air of authenticity by using security terminology such as secure-mail-gateway.cc. It even used Fortinet, the name of a popular security company, in some of its domains. The group then points the top-level domai ..
