Abnormal Security has identified two groups that are using executive impersonation to execute Business Email Compromise (BEC) attacks on companies worldwide.
The first group, Midnight Hedgehog, engages in payment fraud, while the second group, Mandarin Capybara, executes payroll diversion attacks. Both groups have launched BEC campaigns in at least 13 different languages, including Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and Swedish, the researchers noted.
While attacking targets across various regions and using multiple languages is not new, in the past, these attacks were perpetrated mainly by sophisticated organizations with bigger budgets and more advanced resources, Crane Hassold, director of Threat Intelligence at Abnormal Security, wrote in his research.
As technology has become more accessible and affordable, the barrier to entry has dropped, making it easier for threat actors to carry out BEC attacks. The scammers behind the attacks use the same commercial online services that sales and marketing teams rely on to identify prospects and personalize communications. They also use automated translation tools, including Google Translate, to instantly translate their malicious emails into whatever language they need.
Midnight Hedgehog payment fraud
Midnight Hedgehog uses executive impersonation, typically posing as a company CEO, to...