The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) associated with malicious cyber activities linked to Funnull Technology Inc. (Funnull).
Funnull is a Philippines-based company which provides computer infrastructure for thousands of websites associated with cryptocurrency investment fraud (CIF) scams, commonly referred to as “pig butchering,” and other illicit activities. During CIF scams, perpetrators pose as potential romantic partners or friends to gain victims’ trust, who are then convinced to invest in virtual currency. The perpetrators direct their victims to deposit money into what appear to be legitimate investment platforms, such as websites or applications. Ultimately, money sent to these platforms is not invested, and instead goes directly to the scammers. Funnull facilitates these scams by purchasing IP addresses and providing hosting services and other internet infrastructure to groups performing these frauds.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Eastern European org hit by second record-smashing DDoS attack
September 16, 2022
Akamai says it has absorbed the largest-ever publicly known distributed denial of service (DDoS) attack – an assault against an unfortunate Eastern European organization that went beyond 700 million packets per second. This latest tsunami of traffic hit on Monday, according to the web infrastructure biz, and we’re told the cybercriminals responsible for the earlier record-setting ...
- CISA Releases Eleven Industrial Control Systems Advisories
September 15, 2022
CISA has released eleven (11) Industrial Control Systems (ICS) advisories on September 15, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-258-01 Siemens Mobility CoreShield OWG Software ICSA-22-258-02 Siemens Simcenter Femap, Parasolid ICSA-22-258-03 Siemens RUGGEDCOM ...
- Webworm: Espionage Attackers Testing and Using Older Modified RATs
September 15, 2022
Symantec, by Broadcom Software, has gained insight into the current activities of a group we call Webworm. The group has developed customized versions of three older remote access Trojans (RATs), including Trochilus, Gh0st RAT, and 9002 RAT. At least one of the indicators of compromise (IOCs) observed by Symantec was used in an attack against ...
- Self-spreading stealer attacks gamers via YouTube
September 15, 2022
An unusual malicious bundle (a collection of malicious programs distributed in the form of a single installation file, self-extracting archive or other file with installer-type functionality) recently caught our eye. Its main payload is the widespread RedLine stealer. Discovered in March 2020, RedLine is currently one of the most common Trojans used to steal passwords ...
- Gamaredon APT targets Ukrainian government agencies in new campaign
September 15, 2022
Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives. The campaign, part of an ongoing espionage operation observed as recently as August 2022, aims to deliver information-stealing malware to Ukrainian victim machines and makes heavy use of multiple modular PowerShell and VBScript (VBS) scripts as part ...
- WordPress-powered sites backdoored after FishPig suffers supply chain attack
September 15, 2022
It’s only been a week or so, and obviously there are at least three critical holes in WordPress plugins and tools that are being exploited in the wild right now to compromise loads of websites. We’ll start with FishPig, a UK-based maker of software that integrates Adobe’s Magento ecommerce suite into WordPress-powered websites. FishPig’s distribution systems ...