The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) associated with malicious cyber activities linked to Funnull Technology Inc. (Funnull).
Funnull is a Philippines-based company which provides computer infrastructure for thousands of websites associated with cryptocurrency investment fraud (CIF) scams, commonly referred to as “pig butchering,” and other illicit activities. During CIF scams, perpetrators pose as potential romantic partners or friends to gain victims’ trust, who are then convinced to invest in virtual currency. The perpetrators direct their victims to deposit money into what appear to be legitimate investment platforms, such as websites or applications. Ultimately, money sent to these platforms is not invested, and instead goes directly to the scammers. Funnull facilitates these scams by purchasing IP addresses and providing hosting services and other internet infrastructure to groups performing these frauds.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Voice cloning of growing interest to actors and cybercriminals
July 12, 2021
As voice cloning technology has become ever more effective, it is of increasing interest to actors… and cybercriminals. When Tim Heller first heard his cloned voice he says it was so accurate that “my jaw hit the floor… it was mind-blowing”. Voice cloning is when a computer program is used to generate a synthetic, adaptable copy of ...
- Lazarus Targets Job-Seeking Engineers with Malicious Documents
July 9, 2021
The notorious Lazarus advanced persistent threat (APT) group has been identified as the cybergang behind a campaign spreading malicious documents to job-seeking engineers. The ploy involves impersonating defense contractors seeking job candidates. Researchers have been tracking Lazarus activity for months with engineering targets in the United States and Europe, according to a report published online by ...
- Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign
July 8, 2021
A sophisticated campaign targeting large international companies in the oil and gas sector has been underway for more than a year, researchers said, spreading common remote access trojans (RATs) for cyber-espionage purposes. According to Intezer analysis, spear-phishing emails with malicious attachments are used to drop various RATs on infected machines, including Agent Tesla, AZORult, Formbook, Loki ...
- Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare)
July 8, 2021
Last week Microsoft warned Windows users about vulnerabilities in the Windows Print Spooler service – CVE-2021-1675 and CVE-2021-34527 (also known as PrintNightmare). Both vulnerabilities can be used by an attacker with a regular user account to take control of a vulnerable server or client machine that runs the Windows Print Spooler service. This service is ...
- Critical Sage X3 RCE Bug Allows Full System Takeovers
July 7, 2021
Four vulnerabilities afflict the popular Sage X3 enterprise resource planning (ERP) platform, researchers found – including one critical bug that rates 10 out of 10 on the CVSS vulnerability-severity scale. Two of the bugs could be chained together to allow complete system takeovers, with potential supply-chain ramifications, they said. Sage X3 is targeted at mid-sized companies ...
- WildPressure targets the macOS platform
July 7, 2021
Our previous story regarding WildPressure was dedicated to their campaign against industrial-related targets in the Middle East. By keeping track of their malware in spring 2021, we were able to find a newer version. It contains the C++ Milum Trojan, a corresponding VBScript variant with the same version (1.6.1) and a set of modules that ...