Gold Galleon Hackers Target Maritime Shipping Industry


Researchers have found that a Nigerian hacking ring is targeting maritime shipping firms in an attempt to steal millions of dollars a year, reports ZDNet.


On Wednesday, security experts from the Secureworks Counter Threat Unit (CTU) said that the previously unidentified “Gold Galleon” threat group specializes in business email compromise (BEC) and business email spoofing (BES) fraud to dupe their victims into parting with funds.

BEC and BES scams are more sophisticated than your average spam email. Spear phishing, in which messages are crafted to appear to come from employees, contacts, or other companies, is used to lure victims into a false sense of security.

By appearing legitimate, these kinds of scams will often attempt to persuade users to download malicious documents containing malware payloads or to visit malicious web pages which harvest credentials.

When these credentials are stolen, threat actors can then intercept genuine business email exchanges, alter orders or financial details, and quietly reap the rewards.

CTU monitors spam campaigns directed at companies in all sectors, but Gold Galleon focuses specifically on global maritime shipping businesses and their customers, a blog post says.

Cost of Fraud/Threat

The researchers estimate that between June 2017 and January 2018, the hackers attempted to steal upwards of $3.9 million, and on average, fraud attempts may reach attempted theft levels of $6.7 million per year.

For example, a compromised email account belonging to a company executive could be used to send a fraudulent request for a wire transfer to the employee who handles such requests. The staff member may not immediately question this request, and then money is sent to an account controlled by the threat actor.

Gold Galleon targets maritime companies, including those that provide ship and port management services. As many of these companies operate internationally and across different time zones, email is a crucial communication tool — and one which is easy to exploit.

Hacker’s tool box

The threat actors use a wide range of tools after they have compromised accounts belonging to these companies. These include remote access software, keyloggers, and password stealers, many of which are available online publicly and with little investment.

Gold Galleon uses tools including EmailPicky, which scrapes fresh victims from email contact lists, and the Predator Pain, PonyStealer, Agent Tesla, and HawkEye keyloggers.

Key target countries

Shipping companies operating in South Korea, Japan, Singapore, Philippines, Norway, the US, Egypt, Saudi Arabia, and Colombia have been targeted by the group, which the researchers believe is loosely made up of at least 20 participants.

The hackers are centrally controlled and are assigned tasks including monitoring compromised email accounts, phishing for victims, and experimenting with new malware and tools.

CTU researchers say that senior members of Gold Galleon also mentor less-experienced hackers and train them to liaise with malware traders.

Real time hack scenes

In one case, CTU detected Gold Galleon attempting to exploit a shipping company based in South Korea. The group managed to steal the credentials for eight email accounts linked to the firm, including one belonging to the company’s accountant.

These credentials were then used to send a fraudulent request for $50,000 in “crew wages” to a “cash to master” (CTM) service partner. Fortunately, the would-be victim had emailed other partners for clarification and became aware of the fraud — and CTU was able to unmask the full scheme.

In another case, Gold Galleon repeated its attempt at fraud, this time against a Japanese company that was the South Korean firm’s client. An attempt was made to steal $325,585, which also failed now that the red flags were flying.

Silent hacks

“In some cases, the victims are unaware of what is happening until it is too late,” the researchers say. “Organizations in some industries (in this case shipping) may be exposed to heightened risk as threat actors focus their attempts toward industries that are more susceptible to these techniques.”

Communications between the threat actors, and the phrases they use when talking online, have linked Gold Galleon to the Buccaneer Confraternity, a group originally set up to support human rights in Nigeria.

Source: ZDNet