The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) associated with malicious cyber activities linked to Funnull Technology Inc. (Funnull).
Funnull is a Philippines-based company which provides computer infrastructure for thousands of websites associated with cryptocurrency investment fraud (CIF) scams, commonly referred to as “pig butchering,” and other illicit activities. During CIF scams, perpetrators pose as potential romantic partners or friends to gain victims’ trust, who are then convinced to invest in virtual currency. The perpetrators direct their victims to deposit money into what appear to be legitimate investment platforms, such as websites or applications. Ultimately, money sent to these platforms is not invested, and instead goes directly to the scammers. Funnull facilitates these scams by purchasing IP addresses and providing hosting services and other internet infrastructure to groups performing these frauds.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Lazarus on the hunt for big game
July 28, 2020
We may only be six months in, but there’s little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks. By investigating a number of these incidents and through discussions with some of our ...
- Cerberus Android malware source code offered for sale for $100,000
July 27, 2020
The maintainer of Cerberus banking trojan for Android is auctioning the entire project for a price starting at $50,000 or close the deal for double the money. The price includes everything from source code to customer list along with installation guide and the scripts to make components work together. For at least one year, the group behind ...
- Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns
July 27, 2020
Cisco is warning that a high-severity flaw in its network security software is being actively exploited – allowing remote, unauthenticated attackers to access sensitive data. Patches for the vulnerability (CVE-2020-3452) in question, which ranks 7.5 out of 10 on the CVSS scale, were released last Wednesday. However, attackers have since been targeting vulnerable versions of the software, ...
- CISA says 62,000 QNAP NAS devices have been infected with the QSnatch malware
July 27, 2020
Cyber-security agencies from the UK and the US have published today a joint security alert about QSnatch, a strain of malware that has been infecting network-attached storage (NAS) devices from Taiwanese device maker QNAP. In alerts by the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC), ...
- Garmin obtains decryption key after ransomware attack
July 27, 2020
Smartwatch maker Garmin has obtained the decryption key to recover its computer files from a ransomware attack last Thursday, Sky News has learned. Last week, Garmin’s services were taken offline after hackers infected the company’s networks with a ransomware virus known as WastedLocker. A number of the company’s services are operational again and the business has now ...
- Kubernetes Vulnerability Puts Clusters at Risk of Takeover (CVE-2020-8558)
July 27, 2020
A security issue assigned CVE-2020-8558 was recently discovered in the kube-proxy, a networking component running on Kubernetes nodes. The issue exposed internal services of Kubernetes nodes, often run without authentication. On certain Kubernetes deployments, this could have exposed the api-server, allowing an unauthenticated attacker to gain complete control over the cluster. An attacker with this ...