The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) associated with malicious cyber activities linked to Funnull Technology Inc. (Funnull).
Funnull is a Philippines-based company which provides computer infrastructure for thousands of websites associated with cryptocurrency investment fraud (CIF) scams, commonly referred to as “pig butchering,” and other illicit activities. During CIF scams, perpetrators pose as potential romantic partners or friends to gain victims’ trust, who are then convinced to invest in virtual currency. The perpetrators direct their victims to deposit money into what appear to be legitimate investment platforms, such as websites or applications. Ultimately, money sent to these platforms is not invested, and instead goes directly to the scammers. Funnull facilitates these scams by purchasing IP addresses and providing hosting services and other internet infrastructure to groups performing these frauds.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Hackers use zero-day to mass-wipe My Book Live devices
June 29, 2021
A zero-day vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass-factory resets of devices last week, leading to data loss. Last week, we broke the story that Western Digital My Book Live NAS owners suddenly discovered that their stored files had mysteriously disappeared. Unfortunately, the factory reset also reset ...
- REvil ransomware’s new Linux encryptor targets ESXi virtual machines
June 28, 2021
The REvil ransomware operation is now using a Linux encryptor that targets and encrypts Vmware ESXi virtual machines. With the enterprise moving to virtual machines for easier backups, device management, and efficient use of resources, ransomware gangs increasingly create their own tools to mass encrypt storage used by VMs. In May, Advanced Intel’s Yelisey Boguslavskiy shared a ...
- Analyzing CVE-2021-1665 – Remote Code Execution Vulnerability in Windows GDI+
June 28, 2021
Microsoft Windows Graphics Device Interface+, also known as GDI+, allows various applications to use different graphics functionality on video displays as well as printers. Windows applications don’t directly access graphics hardware such as device drivers, but they interact with GDI, which in turn then interacts with device drivers. In this way, there is an abstraction ...
- Nefilim Ransomware Attack Through a MITRE Att&ck Lens
June 28, 2021
Nefilim is among a new breed of ransomware families that use advanced techniques for a more targeted and virulent attack. It is operated by a group that we track under the intrusion set “Water Roc”. This group combines advanced techniques with legitimate tools to make them significantly harder to detect and respond before it is ...
- Cisco ASA vulnerability actively exploited after exploit released
June 27, 2021
Hackers are scanning for and actively exploiting a vulnerability in Cisco ASA devices after a PoC exploit was published on Twitter. This Cisco ASA vulnerability is cross-site scripting (XSS) vulnerability that is tracked as CVE-2020-3580. Cisco first disclosed the vulnerability and issued a fix in October 2020. However, the initial patch for CVE-2020-3580 was incomplete, and a ...
- Nobelium hackers accessed Microsoft customer support tools
June 26, 2021
Microsoft says they have discovered new attacks conducted by the Russian state-sponsored Nobelium hacking group, including a hacked Microsoft support agent’s computer that exposed customer’s subscription information. Nobelium is Microsoft’s name for a state-sponsored hacking group believed to be operating out of Russia responsible for the SolarWinds supply-chain attacks. In a new blog post published Friday night, ...