Newly Discovered Lilac Wolverine Associated with Gift Card Scams

A newly discovered group named Lilac Wolverine has been associated with BEC gift card scams that resulted in the compromise of personal email accounts. The group is highly centralized in Nigeria, a country that is historically popular among BEC actors. As reported by Abnormal Security, Lilac Wolverine’s overall attack tactics resemble Vendor Email Compromise (VEC) attacks, except that instead of targeting businesses, the group goes after personal email accounts. Targeted email accounts are hosted on AOL, Yahoo, BellSouth, Verizon, and Rogers webmail services. Rather than sending messages directly from the compromised accounts, the group spoofs the contact details from the compromised accounts as part of its infection chain process. The unsolicited emails appear to ask for a favor, asking the target to purchase gift cards from Amazon for a friend’s birthday. Sometimes, these messages also include sensitive topics, such as the birthday of a fictional friend who has cancer or a loved one lost to COVID-19, to manipulate the recipients into sharing the gift cards. Lilac Wolverine typically requests easily available cards that recipients are likely familiar with, including Amazon, Apple, and Google Play, in amounts ranging from $100 to $500 per request.

Analyst Notes

Gift card email scams still work because cybercriminals know how to exploit users’ emotions. Be cautious of unsolicited emails that carry an emotionally charged plea to help someone who does not exist. Good email security measures also help block such emails from reaching inboxes.