Russia-linked crypto threat actor involved in political spoofing tracked
Sept. 20, 2024, 12:18 p.m.
Description
A Russia-linked threat actor is deploying domains for crypto scams targeting the US Presidential Election and prominent tech brands. The scams involve fake Bitcoin and Ethereum giveaways, asking users to send coins to attacker-controlled wallets with false promises of doubling returns. A large cluster of domains featuring US political figures, business leaders, and global brands has been discovered, using counterfeit legal letters from US agencies to add legitimacy. Targets include Donald Trump, Kamala Harris, Tim Cook, Elon Musk, and others. The campaign involves spoofed websites, CAPTCHA protection, and chat functions. Some domains feature Russian language content. The threat actor uses Cloudflare for hosting and has registered domains with a Russian email address.
Date
- Created: Sept. 20, 2024, 11:42 a.m.
- Published: Sept. 20, 2024, 11:42 a.m.
- Modified: Sept. 20, 2024, 12:18 p.m.
Indicators
- musk.trump.io
- trumpdebate24.com
- debate.gives
- cryptologic.online
- btcstarship.com
- apple-event2024.com
Additional Information
- Technology
- Finance
- Government
- United States of America
- Russian Federation