Shira Landau@Email Security - Blog
//
The FBI has issued a warning regarding a new data extortion scam where criminals are impersonating the BianLian ransomware group. These fraudsters are sending physical letters through the United States Postal Service to corporate executives, claiming their networks have been breached. The letters demand Bitcoin payments in exchange for preventing the release of sensitive company data.
Analysis suggests these letters are fraudulent, and organizations, particularly within the US healthcare sector, are advised to report such incidents to the FBI. Security vendors, including Arctic Wolf and Guidepoint Security, have studied these letters and believe the campaign is a ruse by someone pretending to be BianLian. The letters mimic conventional ransom notes, demanding payments of between $250,000 and $350,000 within 10 days.
This activity highlights the evolving tactics of cybercriminals who are now employing postal mail to target high-profile individuals in an attempt to extort money under false pretenses. The FBI urges companies to implement internal protocols for verifying ransom demands and to remain vigilant against these deceptive practices. It’s crucial for organizations to discern fake attacks from real ones amidst the increasing complexity of cybercrime.
References:
- Arctic Wolf: Self-Proclaimed “BianLian Group” Uses Physical Mail to Extort Organizations
- CyberInsider: Fake BianLian Ransom Notes Delivered to Executives via Post Mail
- DataBreaches.Net: Bogus ‘BianLian’ Gang Sends Snail-Mail Extortion Letters
- www.csoonline.com: Ransomware goes postal: US healthcare firms receive fake extortion letters
- PCMag UK security: Businesses Are Receiving Snail Mail Ransomware Threats, But It's a Scam
- BrianKrebs: Someone has been snail mailing letters to various businesses pretending to be the BianLian ransomware group.
- Cyber Security News: FBI Warns of Data Extortion Scam Targeting Corporate Executives
- gbhackers.com: FBI Warns: Threat Actors Impersonating BianLian Group to Target Corporate Executives
- techcrunch.com: There is no confirmed link between the campaign and the actual BianLian ransomware group, making this an elaborate impersonation.
- thecyberexpress.com: FBI Issues Urgent Warning About Data Extortion Scam Targeting Corporate Executives
- Email Security - Blog: The U.S. Federal Bureau of Investigation (FBI) has recently released an urgent advisory pertaining to a sophisticated email-based extortion campaign.
- Threats | CyberScoop: The FBI is warning business leaders about the scam perpetrated by an unidentified threat group.
- gbhackers.com: The novel approach highlights a shift in extortion tactics.
- Vulnerable U: Executives Receive Fake Snail Mail BianLian Ransomware Notes
- Malwarebytes: Ransomware threat mailed in letters to business owners
- www.scworld.com: The FBI is warning of a ransomware operation targeting C-suite executives via the US Postal Service.
- Cyber Security News: Fake BianLian Ransom Scams Target U.S. Firms Through Mailed Letters
- borncity.com: CISA warning: Cyber criminals (BianLian Group) attempt to blackmail executives
- Jon Greig: The FBI warned executives of a new scam where people claiming to be part of the BianLian ransomware gang are mailing physical letters with threats. Arctic Wolf said it is aware of at least 20 organizations or executives who have received these letters.
- Kali Linux Tutorials: Cyber Threat Group Sends Paper-Based Extortion Letters
- The DefendOps Diaries: Cybercriminals exploit YouTube's copyright system to extort creators, spreading malware and demanding ransoms.
- www.bleepingcomputer.com: Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency miners on their videos.
Classification:
- HashTags: #Ransomware #Extortion #CyberScam
- Company: FBI
- Target: Corporate executives
- Attacker: BianLian Group
- Feature: Extortion letters
- Type: Extortion
- Severity: Medium
info@thehackernews.com (The Hacker News)@The Hacker News
//
The North Korean hacking group known as TraderTraitor, also identified as Jade Sleet, UNC4899, and Slow Pisces, has been linked to the theft of $308 million in cryptocurrency from the Japanese exchange DMM Bitcoin in May. This group, a cryptocurrency-focused element within North Korea's Reconnaissance General Bureau, primarily targets blockchain-related companies. Authorities, including the FBI, the Department of Defense Cyber Crime Center, and the National Police Agency of Japan, confirmed the group's involvement, highlighting TraderTraitor's use of targeted social engineering techniques to infiltrate their victims. The group's known methods also include supply chain attacks and malware deployment.
The FBI outlined the attack chain, which began in March when TraderTraitor members posed as recruiters and contacted an employee at a cryptocurrency wallet software company named Ginco. This led to the deployment of a malicious Python script. By exploiting the compromised employee's access, the hackers manipulated a legitimate DMM transaction request, resulting in the theft of 4,502.9 Bitcoin, valued at $308 million at the time. The stolen funds were then moved to TraderTraitor-controlled wallets. Following the hack, DMM Bitcoin restricted its services until investigations were complete.
References:
- The Hacker News: The Hacker News reports on North Korean hackers stealing $308M in Bitcoin from DMM Bitcoin.
- www.bleepingcomputer.com: The North Korean hacker group 'TraderTraitor' stole $308 million worth of cryptocurrency in the attack on the Japanese exchange DMM Bitcoin in May.
- www.coindesk.com: US and Japanese law enforcement say North Korean hackers were responsible for stealing 4,502.9 bitcoin, worth $308M, from Japanese exchange DMM in May 2024 (Sheldon Reback/CoinDesk)
- BleepingComputer: The North Korean hacker group 'TraderTraitor' stole $308 million worth of cryptocurrency in the attack on the Japanese exchange DMM Bitcoin in May.
- FBI: This is not much of a cybersecurity advisory: The Federal Bureau of Investigation, Department of Defense Cyber Crime Center (DC3), and National Police Agency of Japan linked the theft of cryptocurrency worth $308 million U.S. dollars from the Japan-based cryptocurrency company DMM to North Korea's . They also confirmed different private industry threat actor names: , , and . TraderTraitor is a cryptocurrency-focused element within the Reconnaissance General Bureau (RGB), that primarily targets blockchain-related companies (and related vendors).
- COINOTAG NEWS: Coinotag reports on the 48.2 billion yen Bitcoin theft linked to North Korea.
- ciso2ciso.com: US and Japan Blame North Korea for $308m Crypto Heist
- www.techmeme.com: US and Japanese law enforcement say North Korean hackers were responsible for stealing 4,502.9 bitcoin, worth $308M, from Japanese exchange DMM in May 2024 (Sheldon Reback/CoinDesk)
- securityonline.info: North Korean Cyber Actors TraderTraitor Steal $308 Million in Cryptocurrency: DMM Breach Unveiled
- Techmeme: US and Japanese law enforcement say North Korean hackers were responsible for stealing 4,502.9 bitcoin, worth $308M, from Japanese exchange DMM in May 2024 (Sheldon Reback/CoinDesk)
- ciso2ciso.com: FBI Blames North Korea for $308M Cryptocurrency Hack as Losses Surge in 2024
- securityaffairs.com: DMM Bitcoin $308M Bitcoin heist linked to North Korea
- osint10x.com: North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin
- ciso2ciso.com: DMM Bitcoin $308M Bitcoin heist linked to North Korea – Source: securityaffairs.com
- www.scworld.com: Suspected Lazarus subgroup behind DMM crypto heist
- Cybernews: A gang of North Korean-affiliated threat actors stole $308 million worth of cryptocurrency from a Japanese crypto company.
- Bitcoin News: FBI Links North Korean Hackers to $308 Million DMM Exchange Breach
- therecord.media: The FBI blamed the theft of $300 million from Japanese crypto platform DMM on hackers from North Korea
Classification:
- HashTags: #CryptoHeist #NorthKoreanHackers #TraderTraitor
- Company: DMM Bitcoin
- Target: DMM Bitcoin
- Attacker: TraderTraitor
- Product: Bitcoin
- Feature: cryptocurrency theft
- Type: Hack
- Severity: Major