On 15 July 2020, a total of 130 high-profile accounts in a major social networking platform were compromised by outside parties to set up a bitcoin scam. The attackers launched a sophisticated attack utilising multiple attack tactics. For a start, they used social engineering attack to steal the employees’ credentials of the social networking conglomerate. Then they used the stolen account’s priviledge to access internal systems and support tools. Finally, the attackers launched a large-scale message blast of bitcoin scam via the celebrities’ accounts, which include billionaires, famous singers and politicians. The scam message claimed that by sending bitcoins to a designated bitcoin wallet as part of the COVID-19 relief effort, the email receipients could receive a double amount of bitcoin in return.

For details, please refer to the below link:

https://www.hkcert.org/blog/case-study-on-bitcoin-scam-incident-a-combined-social-engineering-and-privilege-escalation-attacks

Tags:
Category: Cyber Security

ESSENTIAL