← All Threat Actors
Threat Actor Profile

PoisonSeed

No known aliases in database
▲ High Threat
PoisonSeed is a threat actor employing an MFA-resistant phishing kit to acquire credentials from individuals and organizations, primarily targeting email infrastructure for cryptocurrency-related spam. They utilize spear-phishing emails with malicious links, automate bulk downloading of email lists, and capture authentication cookies to bypass MFA. PoisonSeed has been linked to campaigns that exploit cross-device sign-in features and employ tactics such as cryptocurrency seed phrase poisoning. Their infrastructure includes domains registered through NICENIC and hosted on Cloudflare, with a focus on phishing CRM and bulk email provider credentials.
Origin

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD