Information Security News mailing list archives

'London Blue' BEC Cybercrime Gang Unmasked


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 5 Dec 2018 06:08:40 +0000 (UTC)

https://www.darkreading.com/endpoint/privacy/london-blue-bec-cybercrime-gang-unmasked/d/d-id/1333391

By Kelly Jackson Higgins
Dark Reading
12/04/2018

BLACK HAT EUROPE 2018 - London - Call it karma or just poor OpSec, but a prolific global cybercrime organization recently blew its cover after inadvertently targeting executives at a security firm.

The infamous Nigerian/UK group behind a rash of business email compromise (BEC) scams found itself on the other side of its own social-engineering scam when it posed as Agari CEO Ravi Khatod in an Aug. 7 email sent to Raymond Lim, chief financial officer at Agari, an email security company.

Agari today disclosed details of both its unmasking of the group – which it has dubbed "London Blue" – as well as its inner workings. Security researchers at Agari flipped the equation on the attackers in an email exchange by posing as Lim's assistant and drawing out enough details to drill down into the particulars of the group as well as the physical location of its operators in London.

"Our email filter caught [the BEC email]," says Crane Hassold, senior director of threat research at Agari and a former FBI investigator. Hassold's team was ultimately able to extract the information, coupled with its own intel-gathering, to identify the two top execs of the gang, who live in and operate out of London.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
