Cyber Security Threat Summary:
Group-IB recently uncovered the operations of a scam ring dubbed CryptoLabs that has allegedly made €480 million in illegal profits by targeting users in French-speaking individuals in France, Belgium, and Luxembourg since April 2018. The syndicate is known for impersonating well-known banks, fin-techs, asset management firms, and crypto platforms, setting up scam infrastructure spanning over 350 domains hosted on more than 80 servers. According to researchers, the threat actors have been experimenting with different landing pages, since 2015, ultimately launching their campaign around June 2018.

“It all starts with luring targets through advertisements on social media, search engines, and forums dedicated to online investments, masquerading as an "investment division" of the impersonated organization and presenting them with attractive investment plans in an attempt to part with their contact details. In the next stage, they are approached by call center operators who provide additional details about the bogus platform and the credentials required to conduct trading. ‘After logging in, the victims deposit funds on a virtual balance," Ushakov said. They are then shown fictitious performance charts that trigger them to invest more for better profits until they realize they cannot withdraw any funds even when paying the 'release fees.' While the initial deposits are to the tune of €200-300, the scam is engineered to incentivize victims into depositing more funds by showcasing an illusion of good investment results” (The Hacker News, 2023).

Security Officer Comments:
To convince victims, the threat actors will hire French-speaking callers as managers and create fake landing pages, social media ads, documents, and investment platforms in the French language. According to Group-IB, the syndicate has also impersonated French-dominant businesses to resonate with their target audience.

CryptoLabs has managed to automate these scams with the help of a custom kit that allows the threat actors to run, manage, and scale their activities at different stages. The kit includes a customer relationship management service that can be used to add new managers to each of the phishing domains. It also includes a control panel that can be used to onboard new customers to the trading platform as well as a VoIP utility to communicate with victims in real time.

Suggested Correction(s):
Users should be careful when using online investment platforms, especially those guaranteeing quick gains or exaggerated returns. Before investing money, it’s important that users thoroughly research and select reputable platforms which have a strong track record. Also, be cautious of phishing calls, emails, or messages asking you to sign up for a platform or deposit funds, as threat actors will use this opportunity to siphon funds.

Link(s):
https://thehackernews.com/2023/06/cryptoslabs-scam-ring-targets-french.html