A cybercrime group based in Nigeria is targeting businesses in the United States and Western Europe with a plethora of scam emails as part of a larger campaign of business email compromise (BEC) attacks.
Abnormal Security’s Crane Hassold told The Record that the group – named “Lilac Wolverine” – stood out to them among the thousands of BEC threat actors they see each week because of its significant volume.
“We consistently see 5-10 campaigns from them a day – and their unique combination of tactics – exploiting compromised personal accounts, setting up look-alike free webmail accounts, using emotionally-charged themes (cancer/COVID) – really stuck out as one of the more notable groups we track,” Hassold said.
“While we’ve seen Lilac Wolverine attacks target upwards of 50 enterprise users in a single campaign, the total number of targets is likely significantly higher since the group exploits a compromised personal accounts contact list.”
The group hides the targeted email addresses with blind carbon copy (BCC) when conducting their campaigns, making it impossible to know the exact number of targets.
Hassold noted that while it is difficult to know how successful their attacks are, the target population is substantially larger than in other types of attacks, meaning even a low success rate would get a good return-on-investment on their campaigns.
The actors are primarily based in Nigeria and most of the targets have been in the U.S. and…
