In a recent Forbes article, technical author Davey Winder shared insights into a Check Point blog post. Hackers have been seen using AI which very nearly compromised the account of a Gmail user, as explained in a recent report by Winder. Now both Gmail and AI are back in the forefront, but now as part of a large-scale hacking campaign targeting both consumers and corporates with a financially-motivated payload. Check Point analyzes the new campaign the CopyRh(ight)adamantys cyber-attack.
Unlike the deepfake AI-generated cyber-attack that so nearly compromised a Gmail account user by impersonating Google support, the newly uncovered CopyRh(ight)adamantys campaign is simultaneously more sophisticated and a lot simpler.
So why the overly complicated name: this cyber-attack, described as a large-scale phishing campaign by Check Point Software researchers, uses a newly discovered variant of the Rhadamanthys information stealer malware. The attack also uses a false premise of the victim being responsible for copyright infringement violations. The conflation of these two things giving us that awful, pun-laden, CopyRh(ight)adamantys label.[1]
The Check Point team has been tracking multiple threat actors utilizing Rhadamanthys information stealer malware,[2] including an Iranian group operating in Israel called Void Manticore and Handala, a hacktivist group linked to it. Now, the researchers have identified a new large-scale phishing operation targeting both individuals and organizations. Rather than on a political or nation-state agenda, the Check Point analysis suggests the motivation is purely financial and carried out by a criminal cybercrime operative.
Gmail And AI at the Heart of a New Cyber Attack - The Check Point report reveals that the cyber attackers in question are using dedicated Gmail accounts, created solely to distribute emails that impersonate legitimate organizations to claim copyright violations on social media accounts, primarily Facebook. “Using falsified Gmail accounts sending emails from these well-known companies,” Check Point said, “the email addresses and language are customized per each target to inform the victim of their supposed copywriting violation.” It should come as no surprise that AI capabilities have been leveraged as part of this new cyber-attack campaign. According to their researchers, these capabilities are limited to older optical character recognition models which are using AI automation “to create customized emails and multiple Gmail accounts per target.”
Sergey Shykevich, threat intelligence group manager at Check Point Software, said that the discovery of the CopyRh(ight)adamantys cyber-attack campaign reveals not only the evolving sophistication of cyber threats but also “highlights how cybercriminals are leveraging AI for marketing purposes and use automation to enhance their reach and operational scale, for security leaders.” As such, Shykevich concluded, “it’s a wake-up call to prioritize automation and AI in defense strategies to counteract these globally scaled, financially motivated phishing campaigns."
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
[1] https://www.forbes.com/sites/daveywinder/2024/11/07/cyber-attack-warning-as-hackers-use-ai-and-gmail-in-new-campaign/
[2] https://go.recordedfuture.com/hubfs/reports/mtp-2024-0926.pdf
Comments