Crypto giveaway scams continue to soar: Group-IB has noted a fivefold increase in the number of domains used for #crypto giveaway #scams that involve fake #YouTube streams in the first half of 2022: bit.ly/3eWN0eL
According to Group-IB, 63% of the new fraudulent domain names were registered with Russian registrars, but the #fake websites are primarily designed to target English and Spanish-speaking #crypto investors in the US and other countries: bit.ly/3eWN0eL
In the first six months of 2022, @CERTGIB identified more than 2,000 domains registered explicitly to be used as #fake promotion websites. This figure increased almost five-fold compared to the second half of 2021 and 53-fold in comparison with H1 2021: bit.ly/3eWN0eL
#Scammers keep up with the latest headlines. One of the names most recently used as bait was Nayib Bukele, 43rd president of El Salvador. In 2021 El Salvador became the first country to adopt #bitcoin as the national currency: bit.ly/3eWN0eL
The phenomenal growth of fake #crypto giveaways can be explained by a significantly enhanced arsenal and availability of tools for crypto #scammers, even with low technical skills. Want to learn more? Check out our website➡️ bit.ly/3eWN0eL
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Hello @Uber! We know breaches suck. Wanted to reach out and support with some interesting information on the #uberhack. If you need any more details, feel free to contact us.
On September 16, vx-underground posted screenshots with evidence of access to #Uber internal systems, including #SentinelOne, #Slack and #AWS. The screenshots have been attributed to the threat actor teapots2022.
During Group-IB’s analysis of the screenshots, interesting artifacts have been found in the recently downloaded files tray. First 2 files are zip archives and have the same format: "LOGID-\d{7} with names LOGID-4952307" and "LOGID-4953756".
About a week ago, @TalosSecurity team shared some insights related to a recent cyber attack on @Cisco. According to Indicators of compromise, mentioned in this article (bit.ly/3K76lFJ), we have known this group of attackers since the beginning of 2022.
Group-IB's researchers has discovered their TTPs in a series of attacks using #CobaltStrike, #Sliver and #Covenant tools. Our internal name of this group is #TridentCrow.
One of the domains that was published by @Cisco (ciscovpn2[.]com) has a self-signed SSL certificate with unique values. According to Group-IB Threat Intelligence database, out of more than 2 billion certificates, only 39 have similar values and mimic well-known IT companies.