Robot Dogs, Ivanti, SonicWall, Banshee, Telegram, Motorola, Aaran Leyland, and more. – SWN #441
Bad Cameras, Robot Dogs, Ivanti, SonicWall, Banshee, Telegram, Motorola, Aaran Leyland, and More, on this edition of the Security Weekly News.
Hosts
- 1. Ivanti warns of new Connect Secure flaw used in zero-day attacks
- 2. SonicWall urges admins to patch exploitable SSLVPN bug immediately
- 3. White House rushes to finish cybersecurity executive order after China hacks
- 4. New Banshee Stealer variant continues attacks on macOS devices
- 5. Backdooring Your Backdoors – Another $20 Domain, More Governments
- 6. Telegram Shared Data of Thousands of Users After CEO’s Arrest
- 7. If TikTok Is Banned, Can I Still Use It?
- 8. Misconfigured license plate readers are leaking data and video in real time
- 1. A Day in the Life of a Prolific Voice Phishing Crew
The KrebsOnSecurity article “A Day in the Life of a Prolific Voice Phishing Crew” gives a detailed look at the operations of a sophisticated voice phishing gang. Key points:
- Phishing Techniques: The gang abuses legitimate services from Apple and Google to send emails, automated phone calls, and system-level messages to users. They use these methods to create a sense of urgency and legitimacy.
- Case Study - Tony: A cryptocurrency investor named Tony was robbed of over $4.7 million through an elaborate voice phishing attack. The attackers initially contacted him via Google Assistant and used various Google services to send phishing emails and account recovery prompts.
- Phishing Domain: The domain used to steal from Tony was verify-trezor[.]io, which was part of a larger operation by a group called "Crypto Chameleon". This group targeted employees at the U.S. Federal Communications Commission (FCC) and cryptocurrency exchanges like Coinbase and Binance.
- Phishing Kit: The group used a phishing kit that mimicked single sign-on pages for authentication providers like Okta. This kit is operated by a cybercriminal known as “Perm” or “Annie,” who is the administrator of the Star Fraud community on Telegram.
- Internal Conflicts: The article also highlights internal conflicts within the phishing group, particularly between “Perm” and another cybercriminal known as “Stotle.” Stotle shared detailed videos and tutorials revealing how the phishing panels operate.
- Division of Spoils: The division of spoils from each robbery is decided in advance by all participants, indicating a highly organized and collaborative effort.