The Crimson Kingsnake BEC gang imitates law firms in attacks

November 17, 2022

A new threat group called Crimson Kingsnake has been seen launching business email compromise (BEC) attacks in which it impersonates international law firms and tricks targets into approving payment of overdue invoices.

Recipients in this campaign are pressured into paying the purported overdue invoices because the notice appears to come from a large international law firm.

The campaign was first discovered last March, when researchers found 92 malicious domains run by the Crimson Kingsnake group.

These malicious domains are set up as law firm websites that are almost identical to the legitimate ones being impersonated. The attackers use typosquatting to send phishing emails to recipients, using a URL that looks legitimate but contains typographical errors.

Many phishing emails display poor grammar and clumsy construction, which immediately gives them away as fraudulent. In the Crimson Kingsnake BEC campaign, the emails are expertly crafted and well written, luring recipients into believing they are legitimate.

Reports reveal that some of the major law firms imitated by the Crimson Kingsnake BEC campaign are Allen & Overy, Deloitte, Kirkland & Ellis, Lindsay Hart, Morrison Foerster, MONLEX International, and Sullivan & Cromwell, among others.

Experts describe the group's recent activity as “blind BEC attacks”: the group does not target specific regions or industry sectors but distributes its emails randomly to anyone who might take the bait.

Recipients who respond and ask for more details about the email receive a reply with more information from a fake ‘executive’ of the impersonated law firm, which can eventually trick and pressure the victim into falling prey.

In some instances victims express resistance or doubt, and the group counters with a detailed response from the so-called executive that applies social engineering tactics. Furthermore, the experts said that some email platforms fail to detect and flag these emails as malicious or dangerous, which could contribute to the success of the threat group’s campaigns.

While BEC attacks are only a fraction of the wider phishing landscape, which involves a massive pool of threat actors, security experts still warn people to be cautious and alert. These threat groups are becoming increasingly clever in their operations, so extra vigilance can help people avoid becoming victims of such campaigns.
