Security News > 2023 > September > How Ducktail capitalizes on compromised business, ad accounts

Quite some money can be made from selling compromised business and ad accounts on social media platforms, and the Ducktail threat actor has specialized in just that.
Ducktail is the name assigned by security researchers to a group operating from Vietnam, whose goal is hijack social media business accounts on platforms like TikTok, Facebook, LinkedIn, and Google.
Their selected targets are individuals working in the digital marketing and advertising sector, i.e., persons who have access to business and ad accounts.
The attackers use private residential proxy services when logging in to compromised social media business accounts, so they can "Show" an appropriately geolocated IP address and avoid being detected by the platforms' defenses.
Threat actors target ad accounts so they can access ad budgets.
"Facebook combats threat actors like Ducktail, who hack and abuse ad accounts on their platform, by automatically flagging suspicious accounts. Because of this, threat actors try to prolong the life of a compromised ad account. For this reason, hacked Facebook accounts are not interchangeable commodities. Depending on an account's properties, it may range from very valuable to almost useless to buyers," the researchers concluded.
News URL
https://www.helpnetsecurity.com/2023/09/01/compromised-business-ad-accounts/