Cybercrime operation Lilac Wolverine has launched a massive gift card business email compromise attack, which lures targets into giving gift cards to individuals posing as seriously ill people or having lost relatives to illnesses, ZDNET reports.
Attackers who have successfully compromised an email address have resorted to copying the victim's address book and proceeding to create a similar account through free webmail services, an Abnormal Security report revealed.
The newly created email accounts are then used for BEC phishing lure delivery in an effort to better evade detection and suspicion.
"The pretexts the group uses in their BEC campaigns are meant to elicit an emotional response that they hope would persuade a target to comply with their request. Like other gift card BEC attacks, since the target population is substantially larger than other types of attacks, their success rate doesn't need to be that high to get a good return on investment on their campaigns," said Abnormal Security Director of Threat Intelligence Crane Hassold.
U.S. and international law enforcement takedown of Hive ransomware infrastructure last week remains significant despite the lack of any arrests during the operation, according to The Record, a news site by cybersecurity firm Recorded Future.