According to the security firm Agari, a newly uncovered Russia-based business email compromise (BEC) gang has been scamming hundreds of multinational corporations in about 40 countries since 2019. Cosmic Lynx, the name Agari suggests for the gang, employs social engineering techniques and well-written email messages crafted to scam upper-level executives, the report states. The researchers think the group has already carried out about 200 of these schemes, and some will continue into July.
In about three-quarters of the BEC attacks examined by Agari, the gang was looking to lure people with titles such as managing director, vice president, or general manager. In most cases, the attacks were on organizations that lack email authentication checks and protections, including Domain-based Message Authentication, Reporting and Conformance (DMARC). The report reveals that the gang always sends emails that replicate the CEO's profile.
Cosmic Lynx sophisticated operation
As of July 2019, these fraudsters present themselves as representatives of a company located in Asia that is working with a known company to transact payments for potential owners. The gang's members have hijacked the identity of legitimate law firms located in the UK, posing as external legal counsel working on a fictitious deal, as stated by the report. Agari has also revealed that they target the executives of these companies to get them to move funds to bank accounts in Eastern Europe or Hong Kong that are controlled by the criminals.
Cosmic Lynx tactics
The criminals do their research using commercial services to build a list of people and get their emails, which they use to replicate other executives and start manipulating data, as revealed by the report. They have come up with ways of moving past email protection tools like DMARC.
Cosmic Lynx Russia ties
Cosmic Lynx seems to be one of the first organized Russia-based groups to have expanded into BEC fraud, if we are to go by the Agari report.