Hacker Uses Ingenious MO to Siphon $1M from VC Firm

December 9, 2019 | Digital Assets, News

A “Man-in-the-Middle” attack, spoofed emails, bogus domains, lots of planning, plenty of patience, and bingo!

Security researchers at cybersecurity firm Check Point relate how Chinese hackers hijacked $1 million of seed money that was supposed to travel from a Chinese venture capital firm to an Israeli startup.

After an exhaustive investigation, Check Point found that the attacker had tampered with the emails exchanged between the two organizations. The researchers also found emails that neither organization had written but that one or the other had received.

Check Point reveals hacker’s modus operandi (MO)

Aware of emailed plans for the imminent wire transfer, the hacker set up two lookalike domains, one imitating the Chinese VC firm and the other imitating the startup. Each was identical to the original domain name, except that the hacker added an ‘s’ at the end.

Next, the attacker sent two emails with the same subject header as the original email to each firm. These emails looked as if they originated from the other party. In reality, the bad actor sent them from the fake domains.

As a result, subsequent emails in the thread passed through the attacker’s domains. Unknown to the two parties, the attacker had firmly ensconced himself as the man in the middle. The emails ended up at these fake domains, where it was a cinch for him to alter information such as bank account details and resend the messages to the intended recipient.

Once the bank details were tampered with, it was a simple matter to wait for the funds to arrive at the fraudulent bank account and then to vanish with the proceeds.

“Patience, attention to detail, and good reconnaissance on the part of the attacker made this attack a success,” Check Point said.
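
The lookalike-domain step described above can be caught on the receiving side by comparing each new sender domain in a thread with the domains that already took part in it. The following Python example is added here and is not from the article or from Check Point; the function names, the one-edit threshold, and the sample messages and domains are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse(raw):
    """Return (thread key, sender domain) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    # Strip any run of Re:/Fw:/Fwd: prefixes so replies share one thread key.
    subject = re.sub(r"^((re|fwd?):\s*)+", "", msg.get("Subject", "").strip(), flags=re.I)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    return subject.lower(), domain.lower()

def find_lookalike_senders(messages, max_distance=1):
    """Flag senders whose domain is new to the thread yet within
    max_distance edits of a domain that already took part in it."""
    seen, alerts = {}, []
    for raw in messages:
        thread, domain = parse(raw)
        known = seen.setdefault(thread, set())
        if not domain or domain in known:
            continue
        imitated = [k for k in sorted(known) if edit_distance(domain, k) <= max_distance]
        if imitated:
            alerts.append((thread, domain, imitated[0]))  # never added to known
        else:
            known.add(domain)  # unrelated new participant
    return alerts

# Constructed sample thread; all names and domains are made up.
SAMPLE_THREAD = [
    "From: Dana <dana@startup.example>\nSubject: Seed round wire details\n\nHi",
    "From: Li <li@vcfund.example>\nSubject: Re: Seed round wire details\n\nOK",
    "From: Dana <dana@startups.example>\nSubject: RE: Re: Seed round wire details\n\nNew account",
]

if __name__ == "__main__":
    for thread, domain, imitated in find_lookalike_senders(SAMPLE_THREAD):
        print(f"ALERT thread={thread!r}: {domain} imitates {imitated}")
```

Messages must be fed in the order they arrived in the mailbox, since the check relies on the genuine domain having been seen in the thread before the lookalike appears.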
