1,400+ domains used by Exaggerated Lion


Lox

Exaggerated Lion (Cybergang) targets nearly 2,100 U.S. companies in 49 states, using a vast network of check mules.


As our engagements with Exaggerated Lion continued, the group evolved their tactics and started using fake invoices and W-9s to inject a sense of authenticity into their attacks. The invoices were created using an easily accessible free invoice generator and the W-9 forms were obtained from the Internal Revenue Service’s public website. Since these documents are commonly used in legitimate business transactions, including them gives Exaggerated Lion’s attacks a better chance of succeeding without any questions being asked.


Exaggerated Lion’s M.O. has remained remarkably consistent over the years. They use very long domain names hosted on G Suite containing words that give the appearance that an email was sent from secure infrastructure. Our research has uncovered more than 1,400 domains used by Exaggerated Lion since July 2017 that have been used to launch BEC campaigns (Business Email Compromise). Domains registered by Exaggerated Lion actors comprise more than 10% of all .MANAGEMENT domains that have ever been created and nearly 75% of all .MANAGEMENT domains that have ever been registered with Google.

read more (agari)
 