Techitup Middle East

Infoblox Exposes ‘Savvy Seahorse’ a DNS Threat Actor Behind Massive Financial Scams 

  • Savvy Seahorse is a DNS threat actor who uses Facebook ads to lure users into fake investment platforms, where they steal their personal and financial information. 
  • Savvy Seahorse has been operating since August 2021 and has targeted users in various languages and regions, spoofing well-known companies like Tesla, Facebook/Meta, and Imperial Oil, among others. 
  • Savvy Seahorse uses a distinctive and previously unreported technique: abusing DNS canonical name (CNAME) records to route traffic for their scam campaigns. This technique lets them evade detection by the security industry and presents a new challenge for threat researchers and defenders. 

Infoblox Inc. reveals the details of Savvy Seahorse in a new threat intel report. Savvy Seahorse is a DNS threat actor that has been deceiving victims into depositing funds into fraudulent investment platforms falsely attributed to renowned entities such as Tesla, Meta, or Imperial Oil. To achieve this, the actor uses a variety of advanced lure techniques, including fake chatbots, Meta Pixel tracking, and multiple payment processing domains. 

The threat intel report, titled “Beware the Shallow Waters: Savvy Seahorse Lures Victims to Fake Investment Platforms Through Facebook Ads”, demonstrates how Savvy Seahorse uses a previously unreported technique of abusing the Domain Name System to distribute traffic for their scam campaigns and avoid detection. It provides a comprehensive analysis of Savvy Seahorse’s operations (which date back to August 2021), infrastructure, and techniques, as well as indicators of activity to help security professionals and organizations detect and block this threat actor. 

Imagine you’re scrolling through Facebook and you see an ad for a new investment platform promising high returns. This is like seeing a sign for a new bank in town offering a great interest rate. You click on the ad and it takes you to a website that looks professional and trustworthy, just like walking into a sleek, modern bank branch. 

This is where Savvy Seahorse comes in. They’re the ones who put up that ad and created that website. But unlike a legitimate bank, they’re not interested in helping you grow your money. They’re interested in stealing it. 

Here’s how they do it: 

  • Fake Investment Platforms: Just like a fake bank might try to get you to deposit your money with them, Savvy Seahorse lures users into fake investment platforms. These platforms might look real, but they’re just a front for their scam. 
  • Personal Information: Once you’re on their platform, they’ll ask for your personal and financial information. It’s like a fake bank asking for your Social Security number and bank account details. 
  • Changing Tactics: Savvy Seahorse is sneaky. They change their IP addresses (like changing their physical location) and create multiple subdomains (like opening up multiple fake bank branches) to avoid getting caught. 
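The report’s central finding is that many unrelated lookalike domains are tied together by CNAME records pointing at shared infrastructure, and that the operator rotates IP addresses and spins up new subdomains. From a defender’s side, that pattern is itself a detection signal: a single CNAME target fed by many distinct registered domains is unusual for legitimate sites. The Python below is an added example, not code from Infoblox or from the report, that follows CNAME chains in passive-DNS style records and flags CNAME targets shared by several unrelated apex domains. All domain names and IPs in it are constructed placeholders, not indicators from the report.

```python
"""
Added example (not from the Infoblox report or this article): cluster
passive-DNS CNAME records by their target so that many unrelated lookalike
domains resolving through one shared CNAME target stand out.
"""
from collections import defaultdict

# Constructed sample passive-DNS records: (query name, record type, rdata).
# Names and addresses are placeholders, not real indicators.
SAMPLE_RECORDS = [
    ("tesla-invest.example", "CNAME", "track.tds-placeholder.example."),
    ("meta-profit.example", "CNAME", "track.tds-placeholder.example."),
    ("oil-returns.example", "CNAME", "track.tds-placeholder.example."),
    ("login.bank-trade.example", "CNAME", "track.tds-placeholder.example."),
    ("track.tds-placeholder.example", "A", "203.0.113.10"),
    ("track.tds-placeholder.example", "A", "203.0.113.11"),
    ("www.legit-shop.example", "CNAME", "shop.cdn-placeholder.example."),
    ("shop.cdn-placeholder.example", "A", "198.51.100.7"),
]


def registrable_domain(name: str) -> str:
    """Crude apex extraction (last two labels). Use a Public Suffix List
    library in production so multi-label suffixes are handled correctly."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def resolve_chain(name: str, records, max_hops: int = 8):
    """Follow CNAME records from `name` until an A record set is reached.
    Returns (chain_of_names, sorted_ips); an empty IP list means the chain
    ended without an A record, looped, or exceeded max_hops."""
    index = defaultdict(list)
    for qname, rtype, rdata in records:
        index[qname.lower()].append((rtype, rdata.rstrip(".").lower()))
    chain = [name.lower()]
    for _ in range(max_hops):
        entries = index.get(chain[-1], [])
        cname = next((r for t, r in entries if t == "CNAME"), None)
        if cname is None:
            return chain, sorted(r for t, r in entries if t == "A")
        if cname in chain:  # CNAME loop
            return chain, []
        chain.append(cname)
    return chain, []


def cname_clusters(records, min_apexes: int = 3):
    """Group CNAME source names by target and flag every target that is fed
    by at least `min_apexes` distinct apex domains. Returns a dict keyed by
    the flagged target with its sources, apex count and the target's IPs."""
    sources = defaultdict(set)
    a_records = defaultdict(set)
    for name, rtype, rdata in records:
        if rtype == "CNAME":
            sources[rdata.rstrip(".").lower()].add(name.lower())
        elif rtype == "A":
            a_records[name.lower()].add(rdata)
    flagged = {}
    for target, names in sources.items():
        apexes = {registrable_domain(n) for n in names}
        if len(apexes) >= min_apexes:
            flagged[target] = {
                "sources": sorted(names),
                "apex_count": len(apexes),
                "ips": sorted(a_records.get(target, ())),
            }
    return flagged


if __name__ == "__main__":
    for target, info in cname_clusters(SAMPLE_RECORDS).items():
        print(f"shared CNAME target {target}: {info['apex_count']} apex domains, IPs {info['ips']}")
        for src in info["sources"]:
            print("   ", " -> ".join(resolve_chain(src, SAMPLE_RECORDS)[0]))
```

The threshold of three apex domains is a starting point, not a rule: legitimate CDNs and hosting providers also sit behind shared CNAME targets, so in practice the flagged targets are a triage queue to enrich with registration age, hosting churn and lookalike-brand checks rather than a block list on their own.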
