"Cyjax has investigated a sophisticated, large-scale phishing campaign that exploits the reputation of
international, trusted brands. It targets businesses in multiple verticals including retail, banking, travel,
and energy. Promised financial or physical incentives are used to trick victims into further spreading the
campaign via WhatsApp. Once victims are psychologically invested in the phish, they are redirected through
a series of sites owned by advertising agencies, earning Fangxiao money. Victims end up in a wide range of
suspicious destinations, from Android malware to fake gift card imposter scams.
We are tracking the threat actors behind this campaign as Fangxiao. We have assessed with high confidence
that this group is based in China, and we have identified activity dating back to 2017 over more than 42,000
domains, allowing us to observe its development. Fangxiao has also exploited anxieties about world events,
with some of their sites impersonating COVID-19 relief funds or posing as recruitment campaigns for
deprived countries.
Fangxiao uses various strategies to stay anonymous: for example, most of their infrastructure is protected
behind CloudFlare, and they rapidly change domain names. On one day in October 2022 alone, the group
used over 300 new unique domains. However, during our investigation we were able to discover operational
security failures and gain valuable insights about Fangxiao’s operations," Cyjax states in its report.