Cybersecurity experts have found evidence of criminals posing as powerful multinational legal firms to scam victims into paying for work that never existed.
Abnormal Security researchers discovered a completely new Business Email Compromise (BEC) attack that was carried out by a gang of malicious hackers known as Crimson Kingsnake, TechRadar reported.
According to an article by Bleeping Computer, the first discovery of the group's activity was in March 2022, with 92 domains connected to them. All of these domains are designed to seem like they belong to legitimate US law firms.
Crimson Kingsnake in Action
In what analysts refer to as "blind BEC attacks," the victims are most likely selected at random. To put it another way, the perpetrators of the attack would cast a broad net and see what caught their attention.
To initiate the attack, the threat actors would send out an email, purporting to be one of many prominent legal firms in the US, and asking money for work that was reportedly done many months earlier.
The actual email is very well constructed, using names of prominent law firms and accounting firms like Kirkland & Ellis, Sullivan & Cromwell, and Deloitte. The email address is virtually similar to the legitimate email affiliated with the legal company but is not identical.
Even though it is obviously a typo-squatted email, the content has all the appropriate logos and letterheads. In addition, it has punctuation, which is not a characteristic that often appears in BEC or phishing attempts.
The Victims
Things take an unusual turn for the better when the victim confronts the attackers. The hackers would bring in a third identity; a pretend executive from the target company, who would verify the request's legitimacy and approve the payment.
The report said, "When the group meets resistance from a targeted employee, Crimson Kingsnake occasionally adapts their tactics to impersonate a second persona: an executive at the targeted company."
Crimson Kingsnake pretends to be a number of different US legal firms, including the following:
- Allen & Overy
- Clifford Chance
- Deloitte
- Dentons
- Eversheds Sutherland
- Herbert Smith Freehills
- Hogan Lovells
- Kirkland & Ellis
- Lindsay Hart
- Manix Law Firm
- Monlex International
- Morrison Foerster
- Simmons & Simmons
- Sullivan & Cromwell
Since these are huge international corporations that have a presence all over the world, the actors believe that their targets would be familiar with them, which gives a sense of legitimacy to the email.
Do Not be a Victim
Phishing emails and corporate email compromise threats are still one of the most common methods for cybercriminals to carry out their operations.
Employees on the receiving end of these emails usually act recklessly and are overworked or distracted. They tend to do things they normally would not do, such as making wire transfers, downloading files and software, clicking the links provided in the email, and other similar activities.
This article is owned by Tech Times
Written by Trisha Kae Andrada