Silent Starling: Email security firm Agari has discovered a new business email compromise (BEC) scam run by a cyber gang it is calling Silent Starling. The group has compromised the accounts of 700 employees at over 500 companies in 14 different countries. It carries out a standard BEC attack, but with a twist: it targets employees at vendor companies. Because of this twist, Agari has started calling this type of attack Vendor Email Compromise (VEC). The group consists of at least three members from Nigeria, and possibly eight other associates around the world.

The group compromises employees' email accounts through one of its 70 different phishing websites and then spies on what they are doing. While gathering intelligence on its targets, it also follows all of the email communication between the vendor and its clients, waiting for the time to strike. When the group sees fit, it jumps into the middle of a communication chain and sends a fake email from the compromised account asking the client to pay an invoice. The invoice looks identical to the actual invoice the vendor sends, but instructs the victim to send payment to the attackers instead of the actual vendor. Because the group is patient and waits for a moment when the timeline fits, the email does not raise any flags for the client, who will typically pay without any questions.