The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) associated with malicious cyber activities linked to Funnull Technology Inc. (Funnull).
Funnull is a Philippines-based company which provides computer infrastructure for thousands of websites associated with cryptocurrency investment fraud (CIF) scams, commonly referred to as “pig butchering,” and other illicit activities. During CIF scams, perpetrators pose as potential romantic partners or friends to gain victims’ trust, who are then convinced to invest in virtual currency. The perpetrators direct their victims to deposit money into what appear to be legitimate investment platforms, such as websites or applications. Ultimately, money sent to these platforms is not invested, and instead goes directly to the scammers. Funnull facilitates these scams by purchasing IP addresses and providing hosting services and other internet infrastructure to groups performing these frauds.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies
December 18, 2020
Microsoft has become the latest victim of the ever-widening SolarWinds-driven cyberattack that has impacted rafts of federal agencies and tech targets. Its president, Brad Smith, warned late Thursday to expect many more victims to come to light as investigations continue. Adversaries were able to use SolarWinds’ Orion network management platform to infect users with a stealth ...
- Negasteal Uses Hastebin for Fileless Delivery of Crysis Ransomware
December 18, 2020
Trend Micro researchers have recently encountered a Negasteal (also known as Agent Tesla) variant that used hastebin for the fileless delivery of the Crysis (also known as Dharma) ransomware. This is the first time that we have observed Negasteal with a ransomware payload. Only a few months ago, Deep Instinct published the first reported case of ...
- SUPERNOVA: SolarStorm’s Novel .NET Webshell
December 17, 2020
The SolarStorm actors behind the supply chain attack on SolarWinds’ Orion software have demonstrated a high degree of technical sophistication and attention to operational security, as well as a novel combination of techniques in the potential compromise of approximately 18,000 SolarWinds customers. As published in the original disclosure, the attackers were observed removing their initial ...
- FireEye, Microsoft create kill switch for SolarWinds backdoor
December 17, 2020
Microsoft, FireEye, and GoDaddy have collaborated to create a kill switch for the SolarWinds Sunburst backdoor that forces the malware to terminate itself. This past weekend it was revealed that Russian state-sponsored hackers breached SolarWinds and added malicious code to a Windows DLL file used by their Orion IT monitoring platform. This malicious DLL is a backdoor ...
- This ‘off the shelf’ Tor backdoor malware is now a firm favorite with ransomware operators
December 17, 2020
A Remote Access Trojan (RAT) on sale in underground forums has evolved to abuse Tor when maintaining persistence on infected machines. On Thursday, Sophos Labs’ Sivagnanam Gn and Sean Gallagher revealed ongoing research into the malware, which has been in the wild since 2019. Dubbed SystemBC, the RAT has evolved from acting as a virtual private network ...
- New Goontact spyware discovered targeting Android and iOS users
December 16, 2020
Security researchers have discovered a new malware strain with spying and surveillance capabilities —also known as spyware— that is currently available in both Android and iOS versions. Named Goontact, this malware has the ability to collect from infected victims data such as phone identifiers, contacts, SMS messages, photos, and location information. Detected by mobile security firm Lookout, ...