Chenlun, a notorious threat actor specialising in phishing attacks, has an ongoing sophisticated operation. Initial reports revealed that this threat actor sends its targets SMS messages impersonating trusted brands such as Amazon.
This hacker started making a name for itself last year after tricking users into disclosing sensitive information by using USPS delivery alerts during the holiday season. Its current phishing operation, which commenced last month, includes messages that warn users about unusual account activity and prompt them to verify their accounts using fake links.
Chenlun developed a new phishing tactic that is more elusive than its USPS smishing campaign last year.
The new Chenlun campaign has evolved significantly compared to last year’s. Reports claimed that the threat actor’s new operation includes increasingly intricate ways to bypass detection and upscale its phishing campaigns.
In addition, a critical component of this technique is the use of domain generation algorithms (DGAs), which constantly produce new domain names. This strategy makes it more difficult for security solutions to block suspicious domains, since a blocklist built from yesterday's domains does not cover today's.
Further investigation found that this move in domain infrastructure significantly improved the current campaign: last year's smishing attempts relied on precise domain patterns mimicking those used by USPS, which made the domains easier to spot.
The researchers also noted that these domains are now simpler in structure and use various registrars and name servers. Many new domains were identified to originate from NameSilo and DNSOwl, indicating a change away from Alibaba Cloud’s DNS service, which the attackers previously favoured.
This new tactic helps conceal fraudulent behaviour and makes it more difficult for security researchers to detect and trace phishing URLs. The researchers also discovered that Chenlun’s techniques now rely on various aliases. These aliases, linked by the same phone number, lead to more than 700 domains, many of which are still active.
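Two defensive checks follow from the points above: DGA-generated labels tend to look nothing like brand names (near-uniform character distribution, few vowels, long consonant runs, many digits), and registrations that use different aliases and registrars can still be tied together by a shared registrant phone number. The script below is an added example written for this article, not code from the article or from any research team; it scores the registrable label of each domain for DGA-like traits and pivots on the phone field of constructed WHOIS-style records. All domains, aliases, phone numbers and registrar names in it are invented, and the single-label-TLD assumption in `registrable_label` is a simplification.

```python
import math
from collections import defaultdict

# Constructed sample registrations, shaped like the fields a WHOIS/RDAP lookup returns.
# Every domain, registrant alias, phone number and registrar below is invented for this
# example; none of them are indicators from the article.
RECORDS = [
    {"domain": "amazon-secure-verify.com", "registrant": "Alias One",    "phone": "+1.5550100", "registrar": "Registrar A"},
    {"domain": "xk7q2mvhw9.top",           "registrant": "Alias Two",    "phone": "+1.5550100", "registrar": "Registrar B"},
    {"domain": "pqzrtwvkxm.xyz",           "registrant": "Alias Two",    "phone": "+1.5550100", "registrar": "Registrar A"},
    {"domain": "a8f3k9q1.top",             "registrant": "Alias Three",  "phone": "+1.5550100", "registrar": "Registrar B"},
    {"domain": "usps-track-update.net",    "registrant": "Alias One",    "phone": "+1.5550100", "registrar": "Registrar A"},
    {"domain": "delivery-notice.co",       "registrant": "Unrelated Co", "phone": "+1.5550199", "registrar": "Registrar C"},
]

VOWELS = set("aeiou")


def registrable_label(domain: str) -> str:
    """Label left of the TLD. Assumes a single-label TLD (example.com, not
    example.co.uk); a real pipeline would consult the public suffix list."""
    return domain.lower().rstrip(".").split(".")[-2]


def normalised_entropy(s: str) -> float:
    """Shannon entropy of the character distribution divided by its maximum
    (log2 of the length), so 1.0 means every character is distinct."""
    if len(s) < 2:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    h = -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())
    return h / math.log2(len(s))


def longest_consonant_run(s: str) -> int:
    run = best = 0
    for ch in s:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0  # vowels, digits and hyphens break the run
    return best


def dga_score(domain: str) -> int:
    """Count how many DGA-typical traits the registrable label shows (0 to 4)."""
    label = registrable_label(domain)
    letters = [ch for ch in label if ch.isalpha()]
    vowel_ratio = sum(ch in VOWELS for ch in letters) / len(letters) if letters else 0.0
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    traits = [
        len(label) >= 8 and normalised_entropy(label) > 0.9,  # near-uniform characters
        vowel_ratio < 0.25,                                    # unpronounceable
        longest_consonant_run(label) >= 4,
        digit_ratio > 0.2,
    ]
    return sum(int(t) for t in traits)


def is_dga_like(domain: str, threshold: int = 2) -> bool:
    return dga_score(domain) >= threshold


def cluster_by_phone(records):
    """Group registrations by registrant phone number: the pivot that ties
    otherwise distinct aliases and registrars to one operator."""
    clusters = defaultdict(lambda: {"aliases": set(), "registrars": set(), "domains": []})
    for r in records:
        c = clusters[r["phone"]]
        c["aliases"].add(r["registrant"])
        c["registrars"].add(r["registrar"])
        c["domains"].append(r["domain"])
    return {
        phone: {"aliases": sorted(c["aliases"]),
                "registrars": sorted(c["registrars"]),
                "domains": sorted(c["domains"])}
        for phone, c in clusters.items()
    }


def triage(records, min_aliases: int = 2):
    """One row per domain: its DGA score and whether its registrant phone
    number links several aliases (a sign of one operator behind many names)."""
    clusters = cluster_by_phone(records)
    rows = []
    for r in records:
        aliases = clusters[r["phone"]]["aliases"]
        rows.append({
            "domain": r["domain"],
            "dga_score": dga_score(r["domain"]),
            "dga_like": is_dga_like(r["domain"]),
            "shared_phone_aliases": len(aliases),
            "linked_infra": len(aliases) >= min_aliases,
        })
    return rows


if __name__ == "__main__":
    for row in triage(RECORDS):
        print(row)
```

The brand-impersonating labels score 0 because they are built from dictionary words, while the random-looking ones score 2 to 4; the `a8f3k9q1` case shows why a single trait is not enough and the flag needs at least two. The phone pivot then links three aliases across two registrars to five of the six domains, which is the kind of clustering that lets a defender block an operator's whole inventory rather than one domain at a time.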
Chenlun has been a prominent phishing-exclusive cybercriminal group that has shown its sophistication. However, the modifications in the new campaign imply that security practitioners and infrastructure providers have successfully reverse-engineered their operation, forcing Chenlun to adopt more complex obfuscation tactics.
Users should be more wary of these phishing attempts and keep up with the new tactics that various hackers employ in their operations, so that sensitive information stays protected from these threats.