Sextortion Scammers Sent Organizations Bomb Scare Emails Demanding Bitcoin

cageymaru

Sextortion scammers sent multiple organizations emails containing bomb threats yesterday. The perpetrators threatened to injure multitudes of people in the buildings where the emails were opened, if their demands for a $20,000 Bitcoin payment were not met. Previously these sextortion emails would threaten to dump acid on the victim, expose a dark secret, release an explicit video of them or physically beat them up. Cisco Talos says that none of the companies that were sent bomb scares paid the extortionists.

So far, all of the samples Talos has found to be associated with the bomb threat attack were sent from IP addresses belonging to the domain registrar and hosting company reg.ru, suggesting that the attackers in this case may have compromised credentials for domains that are hosted at this particular domain registrar. Multiple IPs involved in sending these bomb threats also sent various types of sextortion email that we saw in the previous campaign. In those cases, the attackers sent out emails claiming to have compromising videos of the victim and will release them to the public unless the attacker receives a Bitcoin payment.
 
My dad was at a place in northern Ohio for work yesterday and he was telling me they sheltered in place and then an hour and a half went by and a sheriff showed up with one dog. Cleared a million sqft building in 20 minutes, lol.
 
We had to evacuate our office and work from home the rest of the day today because of this shit.
 
Who falls for this stuff?

These are a little different because they actually share some piece of your information that they shouldn't have, like the password to the email account you got the message in. This makes the recipient a lot more likely to believe they have been compromised since technically they have, but not to the extent that the message claims. At my work I got 2 calls from people who got these emails and the message came from their email address (spoofed) but it had their password for some account they had been using at some point, so understandably they were concerned.

Edit: I'm talking more about the sextortion variation of this attack
 
Unfortunately there are a couple issues here as to why this was 'successful' in causing evacuations.

1) Total lack of any kind of security awareness of the people receiving these emails. They don't realize it's fake, they see 'bomb threat' and react accordingly.

2) Litigious society - Most companies are absolutely terrified of being held liable; if they received this email and didn't evacuate and something actually happened, they'd be on the hook for untold amounts of damages.

Most cyber security aware individuals could read this and know it was fake in one pass over its contents. The grammatical errors, asking for bitcoin, etc., are all red flags to its credibility.
 
Seems more like a trial/test run to gauge success rate or political and/or commercial impact. Too widespread and random...
 
Seems more like a trial/test run to gauge success rate or political and/or commercial impact. Too widespread and random...

I'd second this. My worry is someone might pull an inverted Boy who cried wolf and eventually it does turn out to have an explosive planted somewhere. However, given the sloppiness here, I doubt they would be capable of pulling off something as smart as that.
 
Someone at my place of business called the cops because of getting that email causing an evacuation of my building. Made me miss an important meeting. I should go break their shit.
 
Stuff like this works. Cause we're hitless since 9/11
I thought people stopped using 9/11 as some bargaining chip or excuse 5 years ago.

No, it always was and is the same: Scam only works if there is someone to fall for it.
 
Until they actually blow something up, they have no credibility. Until they actually show me a picture of me from "my webcam", they're junk mail. BUT, you'd think this would be the kind of thing the NSA could make themselves USEFUL with. If they claim they're in a foreign country, they're a legitimate target. If they claim they're domestic, they'd have to work with the FBI. Big deal.
 
I'd second this. My worry is someone might pull an inverted Boy who cried wolf and eventually it does turn out to have an explosive planted somewhere. However, given the sloppiness here, I doubt they would be capable of pulling off something as smart as that.
That's the concern. This was incredibly sloppy, but anytime I read articles like this I always feel like it's an RSE test run. We often underestimate these players, especially if it's a state player.
 