Cosmic Lynx: A new Russian cybercrime group named Cosmic Lynx has been targeting Fortune 500 companies over the past year in a new BEC (Business Email Compromise) scam. Most BEC scams come from Nigerian actors and target companies of any size, relying on basic social engineering tactics to trick their victims into completing fraudulent wire transfers for financial gain. In this newest campaign, the Russian actors use a creative and complex phishing scheme to trick top-level managers at large, multi-national companies into completing wire transfers averaging over one million US dollars each. The group is responsible for over 200 different attacks.

The two-step attack begins with the threat actor impersonating the CEO of the target company and asking the managers to close an acquisition with a Chinese company. The email tells the recipient that they will be working with a lawyer in the United Kingdom to finalize the transaction. In the second step of the attack, the threat actor pretends to be the lawyer from the United Kingdom by hijacking the identity of a real lawyer and instructs the original victim where to send the money via wire transfer. By registering fake domains, the threat actor sets up a legitimate-looking website to impersonate a real law firm.

Most BEC attacks target companies for tens of thousands of dollars, but in the case of Cosmic Lynx, they are attempting to extort an average of $1.27 million USD from their victims. Cosmic Lynx shows a higher level of technical ability than other BEC scammers, and the group controls the entire email infrastructure used in the campaign. Cosmic Lynx has been linked to the Russian criminal underground through overlapping IP addresses: addresses used in the BEC scheme have also been used in Android click fraud scams and Trickbot campaigns by Russian criminals.