The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) associated with malicious cyber activities linked to Funnull Technology Inc. (Funnull).
Funnull is a Philippines-based company which provides computer infrastructure for thousands of websites associated with cryptocurrency investment fraud (CIF) scams, commonly referred to as “pig butchering,” and other illicit activities. During CIF scams, perpetrators pose as potential romantic partners or friends to gain victims’ trust, who are then convinced to invest in virtual currency. The perpetrators direct their victims to deposit money into what appear to be legitimate investment platforms, such as websites or applications. Ultimately, money sent to these platforms is not invested, and instead goes directly to the scammers. Funnull facilitates these scams by purchasing IP addresses and providing hosting services and other internet infrastructure to groups performing these frauds.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- New APT hacking group leverages ‘KilllSomeOne’ DLL side-loading
November 5, 2020
A new, Chinese advanced persistent threat (APT) group making the rounds performs DLL side-loading attacks including the phrase “KilllSomeOne.” According to Sophos researcher Gabor Szappanos, the group — suspected to be of Chinese origin — is targeting corporate organizations in Myanmar using poorly-written English messages relating to political subjects. Side-loading utilizes DLL spoofing to abuse legitimate Windows ...
- QBot phishing lures victims using US election interference emails
November 4, 2020
The Qbot botnet is now spewing U.S. election-themed phishing emails used to infect victims with malicious payloads designed to harvest user data and emails for use in future campaigns. Qbot (aka Qakbot, Pinkslipbot, and Quakbot) is a banking trojan with worm features actively used since at least 2009 to steal financial data and ...
- As Maze retires, clients turn to Sekhmet ransomware spin-off Egregor
November 4, 2020
As the developers of the Maze ransomware announce their exit from the malware scene, clients are now thought to be turning to Egregor as a substitute. The Maze group has been a devastating force for companies that have fallen victim to the cybercriminals over the past year. What has separated Maze in the past from many other ...
- VMware Issues Updated Fix For Critical ESXi Flaw
November 4, 2020
VMware issued an updated fix for a critical-severity remote code execution flaw in its ESXi hypervisor products. Wednesday’s VMware advisory said updated patch versions were available after it was discovered the previous patch, released Oct. 20, did not completely address the vulnerability. That’s because certain versions that were affected were not previously covered in the earlier ...
- Ransomware-as-a-Service Becomes Increasingly Accessible via Social Media and Open Sources
November 4, 2020
Hackers need not search the dark web for access to their very own ransomware platforms these days. Cybercriminals are continually finding new ways to promote their underground businesses and gain the attention of new customers and novice hackers. Several threat actors have recently taken to popular social media and open sources like YouTube, Vimeo, and Sellix ...
- REvil ransomware gang ‘acquires’ KPOT malware
November 4, 2020
The operators of the REvil ransomware strain have “acquired” the source code of the KPOT trojan in an auction held on a hacker forum last month. The sale took place after the KPOT malware author decided to auction off the code, desiring to move off to other projects. The sale was organized as a public auction on ...