Savvy Seahorse uses Facebook for investment scams

Cybernews is reporting that Savvy Seahorse, a newly discovered group that has been out there since at least 2021, is now turning to Facebook for its investment needs.

The money is being sent to a state-owned bank in a popular country we all would love to hate, Russia.

A newly discovered threat actor called Savvy Seahorse creates fake investment platforms, lures in victims with the help of Facebook, and transfers the ill-gotten deposits to a Russian state-owned bank.

According to Infoblox’s threat intelligence group, which has published a new report on Savvy Seahorse, this Domain Name System (DNS) threat actor creates fake investment platforms where victims can deposit funds and are lured in by spoofing well-known icons such as Tesla, Meta, and Imperial Oil, among others.

What isn’t surprising is this short paragraph which talks about using Facebook advertising.

What’s more, the group uses Facebook ads to convince users to enroll in the fake platforms, and then transfers those deposits to a Russian state-owned bank.

They target all kinds of languages, English being one of them.

The attackers have been targeting Russian, Polish, Italian, German, Czech, Turkish, French, Spanish, and English speakers. Mysteriously, the campaigns appear to specifically protect potential victims in Ukraine and a few other countries.

I do have to give the group credit in the way that they keep their stuff up and running. Read and learn.

Savvy Seahorse abuses the DNS in an obscure way, Infoblox says. They leverage DNS canonical name (CNAME) records to create a traffic distribution system for sophisticated financial scam campaigns.

As a result, Savvy Seahorse can control who has access to content and can dynamically update the IP addresses of malicious campaigns.

“This technique of using CNAMEs has enabled the threat actor to evade detection by the security industry,” says Infoblox, adding that Savvy Seahorse has been operating since at least August 2021.

The threat actor’s campaigns feature a variety of advanced lure techniques but they all follow a similar pattern, with the end goal of stealing the victim’s personal and financial information for monetary gain.
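For defenders, the CNAME behavior quoted above suggests one thing to look for in passive DNS: many unrelated domains aliased into a single zone whose addresses keep changing. The sketch below is an added example, not code from Infoblox or Cybernews; the domain names, the `find_cname_hubs` helper, the threshold and the allowlist are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed passive-DNS rows (queried name, record type, answer); not real data.
SAMPLE = [
    ("join.brand-invest.example", "CNAME", "b7.hub-zone.example"),
    ("start.quick-profit.example", "CNAME", "b7.hub-zone.example"),
    ("app.trade-now.example", "CNAME", "k2.hub-zone.example"),
    ("www.trade-now.example", "CNAME", "trade-now.example"),
    ("b7.hub-zone.example", "A", "192.0.2.10"),
    ("b7.hub-zone.example", "A", "192.0.2.44"),
    ("k2.hub-zone.example", "A", "198.51.100.7"),
    ("img.shop-one.example", "CNAME", "e1.big-cdn.example"),
    ("img.shop-two.example", "CNAME", "e2.big-cdn.example"),
    ("img.shop-three.example", "CNAME", "e3.big-cdn.example"),
    ("e1.big-cdn.example", "A", "203.0.113.5"),
]

def base_domain(name, labels=2):
    # Simplification: keep the last two labels. Real code should use the Public Suffix List.
    return ".".join(name.rstrip(".").lower().split(".")[-labels:])

def find_cname_hubs(rows, min_sources=3, allowlist=frozenset()):
    """Return zones that many distinct domains CNAME into, with the IP count seen for each."""
    sources = defaultdict(set)    # hub base domain -> source base domains aliased into it
    addresses = defaultdict(set)  # base domain -> IPs seen for any of its hostnames
    for qname, rtype, answer in rows:
        if rtype == "CNAME":
            src, dst = base_domain(qname), base_domain(answer)
            if src != dst:  # skip in-zone aliases such as www -> apex
                sources[dst].add(src)
        elif rtype == "A":
            addresses[base_domain(qname)].add(answer)
    return {
        hub: {"sources": sorted(srcs), "distinct_ips": len(addresses[hub])}
        for hub, srcs in sources.items()
        if len(srcs) >= min_sources and hub not in allowlist
    }

if __name__ == "__main__":
    # Legitimate CDNs show the same fan-in, so known providers go on an allowlist.
    print(find_cname_hubs(SAMPLE, allowlist={"big-cdn.example"}))
```

High fan-in alone describes any CDN or hosting provider, which is why the allowlist and the IP count matter when triaging the output.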

There’s plenty more about this group and what they’re up to.

Want to read more? “Threat actor uses Facebook to lure victims, sends cash to Russia” is the article. Have fun with this one!

