Security News > 2020 > July > Russian BEC Ring Targets Many Multinational Organizations
Over the past year, a Russian cybercrime group has launched over 200 business email compromise campaigns targeting multinational organizations.
The group mainly focused on senior-level executives, with three quarters of the targets holding titles such as managing director, vice president, or general manager.
Cosmic Lynx is aware of an organization's use of DMARC. While it typically directly spoofs CEO email addresses, the group attempts to circumvent DMARC policies by adding the CEO's email address to the display name, so that it would seem the email was sent from the CEO's account.
Agari was able to piece together evidence suggesting that the group is of Russian origin, including email metadata, working hours, and infrastructure information, but notes that solid attribution is not yet possible.
"Evidence that more sophisticated threat groups are adding BEC to their attack repertoire should concern everyone. Unlike traditional BEC groups, Cosmic Lynx has demonstrated the capability to develop much more complex and creative attacks that sets them apart from other more generic BEC attacks we see every day," Agari concludes.