Crimson Kingsnake, a new hacker group, is starting to flourish, posing as reputable international law firms via business email compromise (BEC) to hoodwink recipients into approving overdue invoice payments.
Threat actors pose as lawyers and send invoices for overdue payments for services allegedly made to the recipient company a year ago.
The Crimson Kingsnake group uses third-party impersonation tactics to defraud businesses all over the world. It masquerades as real lawyers, law firms and debt collection services to get accountants to pay fraudulent invoices quickly. It also targets companies in the United States, Europe, the Middle East and Australia. Like most BEC groups, the group is industry agnostic, meaning it does not deliberately target companies in certain industries.
When recipients fall for the phishing bait and ask for more information about the invoice, Crimson Kingsnake responds with an incorrect description of the service offered.
Even if the email is sent from outside the company, the executive’s email address of the executive can deceive the recipient, especially if no mailbox filters or warning systems are in place to alert the employee in question.
So far, the law firms impersonated by Crimson Kingsnake are Allen & Overy, Clifford Chance, Deloitte, Dentons, Eversheds Sutherland, Herbert Smith Freehills, Hogan Lovells, Kirkland & Ellis, Lindsay Hart, Manix Law Firm, Monlex International, Morrison Foerster, Simmons & Simmons and Sullivan & Cromwell. These are major multinational firms with a global footprint, so the threat actors assume the target will recognize them, which adds legitimacy to the email.
The sources for this piece include an article in BleepingComputer.