Silent Starling: Email security firm Agari has discovered a new business email compromise (BEC) scam from a cyber gang who they are calling Silent Starling. The group has managed to compromise the accounts of 700 employees of over 500 companies in 14 different countries. The group will carry out a standard BEC attack, but this time targeting employees at vendor companies. Because of this twist in the attack, Agari has started calling this type of attack Vendor Email Compromise (VEC). The group consists of at least three members from Nigeria, and possibly eight other associates around the world. The group will spend its time compromising email accounts of employees through one of their 70 different phishing websites and spying on what they are doing. While gathering intelligence on their targets, they are also following all of the email communication the vendor is having with their clients, waiting for their time to strike. When the group sees fit, they will jump into the middle of a communication chain, sending out a fake email through the compromised account that will ask the client to pay an invoice. The invoice that the group sends looks identical to the actual invoice the companies send but instructs the victim to send their payment to the attackers as opposed to the actual vendor. Because the group has patience and waits for the right time to send an email, they find a perfect time that does not trigger any flags for the client and because the timeline fits, they typically will pay without any questions.
Analyst Notes
This type of attack brings the rate of success way up for a threat group. Because the group is waiting for the perfect time to reach out to the client, they will not think anything is wrong, whereas if the group just randomly sent invoices to people there is a lower chance to trick them into paying it. This is another example of how threat actors are adapting to a changing landscape now because more companies are carrying out security training and teaching employees how to spot phishing emails. The threat actors must put more effort into an attack, such as gather intelligence and patiently wait for the right time to strike.
