Russia-linked crypto threat actor involved in political spoofing tracked
Sept. 20, 2024, 12:18 p.m.
Description
A Russia-linked threat actor is deploying domains for crypto scams targeting the US Presidential Election and prominent tech brands. The scams involve fake Bitcoin and Ethereum giveaways, asking users to send coins to attacker-controlled wallets with false promises of doubling returns. A large cluster of domains featuring US political figures, business leaders, and global brands has been discovered, using counterfeit legal letters from US agencies to add legitimacy. Targets include Donald Trump, Kamala Harris, Tim Cook, Elon Musk, and others. The campaign involves spoofed websites, CAPTCHA protection, and chat functions. Some domains feature Russian language content. The threat actor uses Cloudflare for hosting and has registered domains with a Russian email address.
Date
Published: Sept. 20, 2024, 11:42 a.m.
Created: Sept. 20, 2024, 11:42 a.m.
Modified: Sept. 20, 2024, 12:18 p.m.
Indicators
musk.trump.io
trumpdebate24.com
debate.gives
cryptologic.online
btcstarship.com
apple-event2024.com
Attack Patterns
T1584.006
T1583.006
T1608.004
T1566.003
T1586.002
T1583.001
T1585.002
T1566.002
Additional Information
Technology
Finance
Government
United States of America
Russian Federation