The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) associated with malicious cyber activities linked to Funnull Technology Inc. (Funnull).
Funnull is a Philippines-based company which provides computer infrastructure for thousands of websites associated with cryptocurrency investment fraud (CIF) scams, commonly referred to as “pig butchering,” and other illicit activities. During CIF scams, perpetrators pose as potential romantic partners or friends to gain victims’ trust, who are then convinced to invest in virtual currency. The perpetrators direct their victims to deposit money into what appear to be legitimate investment platforms, such as websites or applications. Ultimately, money sent to these platforms is not invested, and instead goes directly to the scammers. Funnull facilitates these scams by purchasing IP addresses and providing hosting services and other internet infrastructure to groups performing these frauds.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Clop, LockBit ransomware gangs behind PaperCut server attacks
April 26, 2023
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data. Last month, two vulnerabilities were fixed in the PaperCut Application Server that allows remote attackers to perform unauthenticated remote code execution and information disclosure. Read more… Source: Bleeping Computer
- Cyber Chiefs Forge Partnerships With Physical Security Units As Combined Threats Grow
April 26, 2023
Cyberattacks are blurring the lines between physical and digital risks, forcing cybersecurity and physical security chiefs to work closely together to combat threats, executives say. Cyber-physical threats, where an attack on computer systems might cause damage to property or people, or vice versa, have long been a concern for companies in the defense-industrial base, power and ...
- Cisco discloses XSS zero-day flaw in server management tool
April 26, 2023
Cisco disclosed today a zero-day vulnerability in the company’s Prime Collaboration Deployment (PCD) software that can be exploited for cross-site scripting attacks. This server management utility enables admins to perform migration or upgrade tasks on servers in their organization’s inventory. Read more… Source: Bleeping Computer
- Chinese Alloy Taurus Updates PingPull Malware
April 26, 2023
Unit 42 researchers recently identified a new variant of PingPull malware used by Alloy Taurus actors designed to target Linux systems. While following the infrastructure leveraged by the actor for this PingPull variant, we also identified their use of another backdoor we track as Sword2033. The first samples of PingPull malware date back to September 2021. ...
- Irrigation Systems in Israel Hit With Cyber Attack That Temporarily Disabled Farm Equipment
April 25, 2023
A cyber attack that targeted irrigation systems in Israel is thought to be part of an annual “hacktivist” campaign that takes place every April, and this year’s attempt at least managed to cause a nuisance for some farms in the Jordan Valley. The hackers targeted both farms and wastewater treatment plants. They seemingly had little success ...
- Abuse of the Service Location Protocol May Lead to DoS Attacks
April 25, 2023
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated remote attacker to register arbitrary services. This could allow an attacker to use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor. Researchers from Bitsight and Curesec have discovered a way to abuse SLP—identified as CVE-2023-29552—to conduct high amplification factor DoS ...