Security researchers have observed a highly sophisticated phishing campaign targeting employees of the US Federal Communications Commission (FCC), as well as popular crypto exchanges Binance, Coinbase, Kraken, and Gemini.
The as-yet-unidentified threat actor is going after people’s login credentials for Okta, researchers from Lookout found.
First, they would create landing pages for logging into places like the FCC portal, or Binance. These landing pages would be seemingly identical to the authentic ones, and are hosted mostly on RetnNet (a Russian web hosting service which might be more tolerant to cybercrime than its Western peers).
More than 100 victims
To build out these pages, they would use a previously unknown phishing kit named CryptoChameleon. Besides the creation of landing…
Source link
