FBI: Infrastructure Used to Manage Domains Related to Cryptocurrency Investment Fraud Scams between October 2023 and April 2025


The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) associated with malicious cyber activities linked to Funnull Technology Inc. (Funnull).

Funnull is a Philippines-based company that provides computer infrastructure for thousands of websites associated with cryptocurrency investment fraud (CIF) scams, commonly referred to as “pig butchering,” and other illicit activities. During CIF scams, perpetrators pose as potential romantic partners or friends to gain the trust of victims, who are then convinced to invest in virtual currency. The perpetrators direct their victims to deposit money into what appear to be legitimate investment platforms, such as websites or applications. Ultimately, money sent to these platforms is not invested and instead goes directly to the scammers. Funnull facilitates these scams by purchasing IP addresses and providing hosting services and other internet infrastructure to groups performing these frauds.

Source: U.S. Federal Bureau of Investigation Cyber Division

