Underground market pays $20K a month for crypto scams

In summary

  • GK8 researchers have discovered threat actors recruiting professional voice impersonators in underground forums to target crypto executives in the United States.
  • Operations running personalized “vishing” campaigns make up to $20,000 per month.
  • The attackers hold curated datasets of executives' personal information and use deepfake technology, voice changers and sophisticated infrastructure to evade traditional security measures.

Cybercriminals are recruiting teams of professional voice impersonators to go after high-level US crypto executives through sophisticated phone-based social engineering attacks, with operations earning up to $20,000 monthly in what researchers call “vishing” campaigns.

A new GK8 by Galaxy report reviewed by Decipher reveals how threat actors have gone beyond traditional phishing emails to build organized criminal enterprises that target crypto leaders with personalized voice and video campaigns.

The attacks use curated executive datasets, voice impersonation and professional infrastructure to exploit the people who safeguard custody infrastructure and private keys, with the risk of “large-scale cryptography robbery.”

In June, GK8 researchers discovered recruitment posts in restricted underground forums where established threat actors sought experienced “callers” to execute targeted attacks against senior executives at major US crypto companies.

The posts included a sample target list of five crypto executives, including senior legal officers, engineers, financial controllers and CTOs, all with a minimum net worth of approximately $500,000.

“We validate the reputation of the threat actors in these forums when examining the coupons, claims, grades, the date of creation of the reputation of the supplier and the forum,” Tanya Bekker, GK8 research director, told Decipher when asked how her team confirmed the legitimacy of these operations.

“According to threat actors, these data come from new commitments,” Bekker said of the executive datasets that drive these campaigns.

‘Vishing’ campaigns on the rise

Bekker said that, unlike traditional phishing emails, modern “vishing” campaigns are “highly specific and personalized” and focus on “executives and professionals of high value crypto with privileged access.”

“They use voice and video impersonation, deepfake content and meticulously adapted pretexts based on detailed data sets on victims,” she said.

Reportedly, threat actors deploy Voice over Internet Protocol (VoIP) systems, direct inward dialing numbers and SMS capabilities to pass as banks, crypto services and government agencies.

Forum posts reveal compensation ranging from $15 per 20-minute call to more than $20,000 per month for experienced operations, according to the report.

“We observe that some operators work in the long term, building organized groups that function as a professional fraud industry,” Bekker told Decipher. “It’s a business, and threat actors take their work very seriously.”

Bekker said that attackers increasingly use “deepfake voices and videos” and “real-time attacks” in their operations.

While the specific case reviewed focused on US executives, she said that similar campaigns operate in Germany, the United Kingdom and Australia.

Social Engineering and Crypto attacks

Recent incidents point to the broader reach of the social engineering threats facing the crypto industry.

North Korean operations have created fake companies and used deepfakes during job interviews to infiltrate crypto companies, with attackers stealing $1.34 billion across 47 incidents in 2024 alone.

Jimmy Su, Binance Security Director, previously told Decipher that the exchange receives fake résumés daily from suspected North Korean attackers who now use “voice changers during their interviews, and the video was a deepfake.”

The main detection method, he said, is that the attackers “almost always have a slow connection to the Internet” because the translation and voice-changing technology is running during the calls.

The GK8 report documents how threat actors are shifting their approach from mass phishing campaigns to a “quality over quantity” orientation.

Bekker warned that over the next 12-18 months the attacks will become more sophisticated since “distinguishing between false and reality will become increasingly difficult” and said that crypto organizations must defend themselves against “personalized socialized social engineering attacks that exploit human vulnerabilities.”

She recommended that executives “assume that their personal information has already been exposed” and ensure that “a single individual should not confirm” high-value transactions.

Bekker emphasized that “social engineering thrives in human error” and that companies need “specific protocols and training in tactics of social engineering of voice and video.”

“With highly customized scams, companies must accept that even the most reliable experts can be deceived,” she said. “Separate roles and private keys, so no person has a total signature power.”
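The separation of roles and keys recommended above can be expressed as a policy check, so that one deceived executive cannot move funds alone. This is an added example, not code from GK8 or the original article; the dollar threshold, quorum sizes, role names, key ids and people are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed policy values, not taken from the GK8 report.
HIGH_VALUE_USD = 100_000   # transfers at or above this need a quorum
MIN_APPROVERS = 2          # distinct people who must approve
MIN_ROLES = 2              # distinct roles the approvers must span

@dataclass(frozen=True)
class Approval:
    person: str   # human identity behind the approval
    role: str     # e.g. "treasury", "security"
    key_id: str   # signing key or key share used

def sole_signers(key_holders, threshold=MIN_APPROVERS):
    """Audit: people holding enough keys to meet the threshold alone."""
    counts = {}
    for holders in key_holders.values():
        for person in holders:
            counts[person] = counts.get(person, 0) + 1
    return sorted(p for p, n in counts.items() if n >= threshold)

def authorize(amount_usd, requester, approvals, key_holders):
    """Return (allowed, reasons) for a transfer request."""
    if amount_usd < HIGH_VALUE_USD:
        return True, []
    reasons, people, roles, keys = [], set(), set(), set()
    for a in approvals:
        if a.person == requester:
            reasons.append(f"{a.person}: requester cannot approve own transfer")
        elif a.person not in key_holders.get(a.key_id, set()):
            reasons.append(f"{a.person}: not a registered holder of {a.key_id}")
        elif a.person in people or a.key_id in keys:
            reasons.append(f"{a.person}: duplicate person or key not counted")
        else:
            people.add(a.person)
            roles.add(a.role)
            keys.add(a.key_id)
    if len(people) < MIN_APPROVERS:
        reasons.append(f"fewer than {MIN_APPROVERS} independent approvers")
    if len(roles) < MIN_ROLES:
        reasons.append(f"approvers span fewer than {MIN_ROLES} roles")
    allowed = len(people) >= MIN_APPROVERS and len(roles) >= MIN_ROLES
    return allowed, reasons

# Constructed sample registry: alice holds two keys, which the audit flags.
KEY_HOLDERS = {"k1": {"alice"}, "k2": {"bob"}, "k3": {"carol", "alice"}}

if __name__ == "__main__":
    print(sole_signers(KEY_HOLDERS))
    print(authorize(500_000, "alice", [Approval("alice", "treasury", "k1")], KEY_HOLDERS))
```

The `sole_signers` audit matters as much as the per-transfer check: if the key registry lets one person reach the signing threshold, the quorum rule can be bypassed by compromising that person alone.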

The GK8 report reveals that threat actors specify detailed recruitment criteria for callers, including accent preferences, gender selection, language capabilities and time-zone availability, to match the profiles of specific targets and maximize victim engagement during peak hours.
