Cybersecurity agency Group-IB and UNICC carried out a joint operation in which they took down 134 websites run by the hacking group "DarkPath." According to the UN and Group-IB, these websites had been used to impersonate the WHO. The hackers built a diverse network of 134 malicious domains that pretended to be the WHO on "Health Awareness Day," asking people to fill in a fake survey with an assurance of rewards in return. The hackers promised users €200 for taking the survey and sharing it with their WhatsApp contacts.
But the rewards were never sent, and the scam grew into a massive spam campaign that drove new traffic to the malicious websites. After informing the UN's International Computing Centre, Group-IB worked with a range of service suppliers, network regulators, hosting providers, and domain registrars to shut down the 134-website scam campaign. Once the websites were blocked, the hackers avoided using the WHO brand in their campaign network. But DarkPath is still active despite the WHO takedown. According to Group-IB's findings, the campaign managed to land around 200,000 users on the fake sites every day.
In addition to the multi-stage nature of the attack, which makes it harder for researchers to detect, users saw personalized content that depended on their geolocation, language settings, and user agent. For instance, the reward currency for filling out the survey varied with the user's location. DarkPath-controlled scam websites are still active and keep targeting millions of victims around the globe. The hackers promote their websites via paid ads, social media, and email blasts.
According to UNICC, during the infrastructure analysis, "Group-IB researchers examined the d ..