PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation

A new threat group, dubbed PoisonSeed, is targeting enterprise organizations and individuals outside the cryptocurrency industry. The campaign focuses on phishing CRM and bulk email providers' credentials to export email lists and send bulk spam. The attackers use a cryptocurrency seed phrase poisoning attack, providing security seed phrases to trick victims into compromising their wallets. Similarities have been detected between PoisonSeed, Scattered Spider, and CryptoChameleon, but the campaign is being classified separately due to unique characteristics. The attackers have set up phishing pages for prominent CRM and bulk email companies, including Mailchimp, SendGrid, Hubspot, Mailgun, and Zoho. Once credentials are phished, the process of bulk downloading email lists appears to be automated. The campaign also involves spam sent from compromised accounts, including a notable breach of an Akamai SendGrid account.

Pulse ID: 67f432acbd8d0957264e79a3
Pulse Link: https://otx.alienvault.com/pulse/67f432acbd8d0957264e79a3
Pulse Author: AlienVault
Created: 2025-04-07 20:16:44

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Akamai #Chameleon #CryptoChameleon #CyberSecurity #Email #ICS #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #ScatteredSpider #Spam #SupplyChain #bot #cryptocurrency #AlienVault

A Day in the Life of a Prolific Voice Phishing Crew - Besieged by scammers seeking to phish user accounts over the telephone, Apple and ... https://krebsonsecurity.com/2025/01/a-day-in-the-life-of-a-prolific-voice-phishing-crew/ #alittlesunshine #cryptochameleon #latestwarnings #thecomingstorm #voicephishing #800-275-2273 #allisonnixon #webfraud2.0 #domaintools #autodoxers #aristotle #markcuban #sharktank #starfraud #coinbase #telegram #unit221b #discord #lookout #stotle #trezor #okta

A Day in the Life of a Prolific Voice Phishing Crew

https://krebsonsecurity.com/2025/01/a-day-in-the-life-of-a-prolific-voice-phishing-crew/

#ALittleSunshine #CryptoChameleon #LatestWarnings #TheComingStorm #voicephishing #800-275-2273 #AllisonNixon #WebFraud2.0 #domaintools #autodoxers #Aristotle #MarkCuban #SharkTank #StarFraud #Coinbase #telegram #Unit221B #Discord #Lookout #Stotle #Trezor #Okta #Perm

LastPass users targeted in phishing attacks good enough to trick even the savvy

Password-manager LastPass users were recently targeted by a convincing phishing campaign that used a combination of email, SMS, and voice calls to trick targets into divulging their master passwords

#LastPass #CryptoChameleon #password #passwords #passwordmanager #phishing #security #cybersecurity #infosec #hackers #hacking #hacked

https://arstechnica.com/security/2024/04/lastpass-users-targeted-in-phishing-attacks-good-enough-to-trick-even-the-savvy/

LastPass users targeted in phishing attacks good enough to trick even the savvy
https://arstechnica.com/security/2024/04/lastpass-users-targeted-in-phishing-attacks-good-enough-to-trick-even-the-savvy/
#LastPass #phishing—as—a—service #attacks #FCC #Coinbase #CryptoChameleon #spoofing #shortenedURL

LastPass warns of a CryptoChameleon phishing campaign spoofing LastPass. The CryptoChameleon is a Phishing-as-a-Service (PhaaS) that allows threat actors to easily create fake SSO or other login sites drawn from fraudulent branding. LastPass had the phishing site taken down and describes the phishing tactics used in this campaign. 🔗https://blog.lastpass.com/posts/2024/04/advanced-phishing-kit-adds-lastpass-branding-for-use-in-phishing-campaigns

#CryptoChameleon #PhaaS #phishing #threatintel