It seems Russian hackers are up to no good again: an emerging group of scammers posing as legitimate business execs has orchestrated more than 200 email-based attacks designed to swindle Fortune 500 companies out of hundreds of thousands of dollars.
The bandits, dubbed “Cosmic Lynx” by researchers from security firm Agari, have targeted individuals in 46 countries since July 2019, CyberScoop reports. The attackers often impersonated senior execs from Fortune 500 and Global 2000 companies to request wire transfers or other forms of payment.
The malicious tactic is more commonly known as a business email compromise (BEC) scam. In fact, the FBI revealed victims lost an astounding $1.7 billion to BEC scams in 2019 alone.
Cosmic Lynx’s modus operandi involves identifying a real company, which is about to complete an acquisition. Disguised as the CEO of the firm being acquired, the attackers then contact a top exec at the target company and introduce them to an “external legal counsel” to complete the payments.
The “legal counsel,” in turn, introduces the target exec to another persona, posing as a legitimate British lawyer, specializing in mergers and acquisitions. The “lawyer” then emails the victim company, usually in a separate thread, with details on how to finalize the transaction.
Unlike most BEC campaigns, which tend to be riddled with typos and improper grammar, Cosmic Lynx has a much better command of English, the researchers note. The hackers also seem to successfully blend thoughtful COVID-19 salutations and buzzwordy corporate lingo like “synergistic” in their messages.
“Within every crises, the seeds of opportunity are sowed,” one message said. “I am please to share that we are seizing the moment and are pressing ahead to acquire the assets of a distressed company. Our legal team is currently working on closing the transaction and I need you to work closely with them on certain time-sensitive issues.”
Agari’s research team believes the Cosmic Lynx group originates from Russia based on its use of TrickBot and Emotet malware. Many of the attacks were also launched during peak hours in Russia.
The researchers don’t have a clear idea of how often Cosmic Lynx actually succeeds in duping businesses, but it reckons the scammers have made off with a decent chunk of cash based on the group’s recent activity. In one instance, the group instructed a victim to send over $1.5 million as part of a transaction.