
BEC Groups Target Firms With Multilingual Impersonation Attacks

February 16, 2023

Two business email compromise (BEC) groups have been observed using executive impersonation to carry out attacks on companies worldwide.

The findings come from security researchers at Abnormal Security, who have dubbed the threat actors “Midnight Hedgehog,” specializing in payment fraud, and “Mandarin Capybara,” focused on executing payroll diversion attacks.

“Combined, they have released BEC campaigns in at least 13 different languages, such as Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and Swedish,” wrote Crane Hassold, the director of threat intelligence at Abnormal.

More specifically, Midnight Hedgehog threat actors researched their target’s responsibilities and relationship to a given CEO and then created spoofed email accounts to mimic an authentic account. They were observed targeting worldwide corporations as early as January 2021.

“Like quite a few payment fraud attacks, the team targets finance administrators or other executives responsible for initiating the company’s financial transactions,” said Hassold.

As for the Mandarin Capybara group, Hassold said the group had been targeting corporations using Gmail accounts since at least February 2021.

“Unlike Midnight Hedgehog, which we have only seen focus on corporations in Europe with non-English messages, Mandarin Capybara has attacked firms around the entire world,” the security researcher explained.

“We’ve observed the team target American and Australian corporations in English, Canadian organizations in French, and European businesses in eight languages: Dutch, French, German, Italian, Polish, Portuguese, Spanish, and Swedish.”

Further, Hassold added that although the group mostly used mule accounts in other countries, those were similar to accounts used in payroll diversion attacks targeting US companies.

“Unlike other types of payment fraud BEC attacks, a vast majority of payroll diversion attacks use non-common fintech accounts to obtain fraudulent funds,” the security professional wrote.

“Mandarin Capybara has set up mule accounts at European fintech institutions like Revolut, Saurus, Monese, Bunq, and SisalPay to obtain cash from their payroll diversion attacks.”

To protect against attacks like these, Abnormal urged companies to deploy behavior-based security that uses machine learning and artificial intelligence to understand identity concepts.

“Solutions that baseline normal actions can offer the context necessary to figure out when anomalous behavior is occurring—no matter in which language the attack is despatched.”

The Abnormal advisory comes days after a separate report from the company suggested an increase of more than 81% in BEC attacks worldwide during 2022 and of 175% over the past two years.


Some parts of this article are sourced from:
www.infosecurity-journal.com
