"Crimson Kingsnake Threat Actors Impersonate Global Law Firms in BEC Attacks"

Researchers have discovered a new Business Email Compromise (BEC) group that has impersonated legitimate attorneys, law firms, and debt collection services to con accounting employees into paying fake invoices. The group, dubbed Crimson Kingsnake by Abnormal Security researchers, targets businesses in the US, Europe, the Middle East, and Australia. Since March, researchers have identified 92 domains linked to Crimson Kingsnake that have mimicked the domains of 19 law firms and debt collection agencies in the US, the UK, and Australia, including major global practices such as Deloitte.

According to Crane Hassold, director of threat intelligence at Abnormal Security, researchers were able to associate multiple non-proxy IP addresses with members of the group, indicating that at least some of the actors are based in the UK. Although Nigeria remains the main epicenter for BEC actors, other countries such as South Africa, the United Arab Emirates, Turkey, and the UK are slowly emerging.

BEC continues to cost businesses millions of dollars, with the Internet Crime Complaint Center (IC3) reporting that BEC and email account compromise victims lost nearly $2.4 billion in 2021, and a recent Abnormal Security report highlighting that BEC attacks increased by 84 percent. The profitability of these types of attacks stems from various tactics relying on social engineering and emotional manipulation to instill fear in victims.

Crimson Kingsnake attackers first send an email impersonating real-life attorneys from legitimate law firms, referencing an allegedly overdue payment owed by the target to the firm they represent. Then, to add legitimacy to the scam, the BEC group employs email spoofing. When a victim responds, the threat actor replies with payment account information in the form of a PDF invoice, which includes a bill number, bank account information, and the company's actual VAT ID. According to the researchers, the BEC group may even be using altered versions of legitimate invoices used by impersonated firms.

This article continues to discuss findings surrounding the new Crimson Kingsnake BEC group.

Decipher reports "Crimson Kingsnake Threat Actors Impersonate Global Law Firms in BEC Attacks"
