The security firm “Check Point” reports on a new hacker group that has been spying on its victims in the financial sector over extended periods since December 2019, collecting very detailed information about employees and their roles in the company, and then attacking with a sophisticated “Business Email Compromise” fraud scheme.
The damage to English and Israeli financial service providers is said to amount to USD 1.3 million to date. The attack vectors are an “Office 365” phishing email and the use of fake domains:
On December 16 2019, Check Point’s Incident Response Team (CPIRT) was engaged by three firms in the finance sector to investigate fraudulent wire transfers sent from their joint bank account. Four separate bank transactions attempted to transfer 1.1M GBP to unrecognized bank accounts. Emergency intervention with the banks allowed for the recovery of only £570K, leaving the rest as permanently lost funds. If this scary scenario sounds familiar to you, it is because not so long ago, we released a report about a similar case investigated by CPIRT – An incident where attackers were able to divert $1M of funds, which were supposed to be transferred from a Chinese venture capital to an Israeli startup company. In the following investigation we unravel the story behind the threat group we dubbed “The Florentine Banker” and shed light on how these types of sophisticated Business Email Compromise (BEC) attacks take place; from how the attackers monitor their victims for months, to how they gradually divert hundreds of thousands of dollars from unsuspecting organizations, into their own pockets. [...] The targeted organizations are three large, UK and Israeli based finance sector firms – often handling and transferring large sums of money to new partners and third-party providers on a weekly basis.
https://research.checkpoint.com/2020/ir-case-the-florentine-banker-group/
