The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) associated with malicious cyber activities linked to Funnull Technology Inc. (Funnull).
Funnull is a Philippines-based company which provides computer infrastructure for thousands of websites associated with cryptocurrency investment fraud (CIF) scams, commonly referred to as “pig butchering,” and other illicit activities. During CIF scams, perpetrators pose as potential romantic partners or friends to gain victims’ trust, who are then convinced to invest in virtual currency. The perpetrators direct their victims to deposit money into what appear to be legitimate investment platforms, such as websites or applications. Ultimately, money sent to these platforms is not invested, and instead goes directly to the scammers. Funnull facilitates these scams by purchasing IP addresses and providing hosting services and other internet infrastructure to groups performing these frauds.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- DeathStalker targets legal entities with new Janicab variant
December 8, 2022
“Dosen’t matter how long you wait for the bus on a rainy day, X seconds was enough to get wet?” Just to clarify, the above subheading isn’t a normal quote, but a message that Janicab malware attempted to decode in its newest use of YouTube dead-drop resolvers (DDRs). While hunting for less common Deathstalker intrusions that use ...
- US Health Dept warns of Royal Ransomware targeting healthcare
December 8, 2022
The U.S. Department of Health and Human Services (HHS) issued a new warning today for the country’s healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang. The Health Sector Cybersecurity Coordination Center (HC3) —HHS’ security team— revealed in a new analyst note published Wednesday that the ransomware group has been behind ...
- Cisco discloses high-severity IP phone bug with exploit code
December 8, 2022
Cisco has disclosed today a high-severity vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks. The company warned on Thursday that its Product Security Incident Response Team (PSIRT) is “aware that proof-of-concept exploit code is available” and that the “vulnerability has been publicly ...
- Internet Explorer 0-day exploited by North Korean actor APT37
December 7, 2022
To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. This blog will describe a 0-day vulnerability, discovered by TAG in late October 2022, embedded in malicious documents and used to target users in South Korea. TAG attributes this activity to a group of North Korean government-backed actors known ...
- DEV-0139 launches targeted attacks against the cryptocurrency industry
December 6, 2022
Over the past several years, the cryptocurrency market has considerably expanded, gaining the interest of investors and threat actors. Cryptocurrency itself has been used by cybercriminals for their operations, notably for ransom payment in ransomware attacks, but Microsoft researchers have also observed threat actors directly targeting organizations within the cryptocurrency industry for financial gain. Attacks ...
- Industry 4.0: CNC Machine Security Risks – Part 3
December 6, 2022
In this final installation of Trend Micro three-part blog series, Trend Micro researchers lay out countermeasures that enterprises can do to protect their machines. They’ll also discuss their responsible disclosure as well as the feedback they got from the vendors they evaluated. Countermeasures Trend Micro found that only two of the four vendors analyzed support authentication. Neither ...