Threat actor targeting UK banks in ongoing AnyDesk social engineering campaign
Aug. 9, 2024, 12:12 p.m.
Tags
External References
Description
Threat analysts are tracking an ongoing campaign that employs fake websites and social engineering tactics to distribute a malicious version of the AnyDesk remote access software to Windows and macOS users. Once installed on a victim's machine, it is being utilized to steal data and money. The campaign primarily targets UK banks like HSBC, Natwest, Lloyds, Santander, and Virgin Money, as well as Avast, Ledger, and Wise.
Date
Published: Aug. 9, 2024, 11:45 a.m.
Created: Aug. 9, 2024, 11:45 a.m.
Modified: Aug. 9, 2024, 12:12 p.m.
Indicators
193.143.1.14
91.215.85.79
wisebanksupport.com
wise-chatonline.com
viriginmoneychatonline.com
virginmoneyonlinechat.com
virginmoneylivehelp.com
virginmoneychatonline.com
virginmoney-onlinechat.com
virginmoney-help.com
virginmoney-online.com
virginmoney-chatonline.com
virginmoney-chat.com
remotesupport.help
natwestonlinesupport.com
natwestlivechathelp.com
natwestchathelp.com
natwestchat.com
lloydsbankhelp.com
liveapp-support.com
ledgeronlinehelp.com
ledgerhelpwithmydevice.com
ledgerhelponline.com
ledger-webapp.com
hsbcliveportal.com
hsbchelponline.com
helpbusinessonline-boi.com
hsbchelp.com
ezjay-krasivo.ru
cooponlinechat.com
boionlinehelp.com
boihelponline.com
boi-support.com
boi-chat.com
barclayswebhelp.com
barclays-online-support.com
bankofirelandonlinehelp.com
bankofirelandhelpportal.com
avastvx.com
avastsp.com
avastsgp.com
avastpst.com
avastsf.com
avastnw.com
avastga.com
avastcv.com
avastcsw.com
anz-livechatsupport.com
anzsupport-livechat.com
anz-help.com
Attack Patterns
AnyDesk
T1200
T1071.004
T1528
T1059.001
T1572
T1497
T1071.001
T1105
T1055
T1219
T1498
T1204
T1566
T1059
Additional Informations
Finance
United Kingdom of Great Britain and Northern Ireland