Silent Push Threat Analysts have shed light on a large-scale phishing and pig-butchering network targeting retail brands and cryptocurrency users. Dubbed “Aggressive Inventory Zombies” (AIZ), this campaign underscores the threat actor’s evolving tactics and growing ambitions in the cybercriminal landscape.
The investigation began with the discovery of a few domains impersonating Etsy. What initially seemed to be an isolated phishing attempt targeting the e-commerce giant soon proved to be part of a vast network impersonating major retailers and crypto platforms. Silent Push says, “The retail phishing campaign extends beyond Etsy – taking aim at major retailers and marketplaces, including but not limited to Amazon, BestBuy, eBay, Wayfair, and more.”

The network’s scope isn’t confined to retail. Analysts uncovered phishing sites targeting cryptocurrency users, including those on platforms like Binance and Kraken. These sites mimic legitimate crypto services to steal credentials and siphon funds.
During their research, Silent Push identified financial ties to India and collaborated with Stark Industries to dismantle parts of the campaign’s infrastructure. Stark’s takedown efforts exposed additional IPs and domains linked to the threat actor, revealing the breadth of the AIZ network. “We received a substantial source of pivots for this network by collaborating on takedown efforts of some related campaign infrastructure,” Silent Push reported.
The campaign’s targeted brands span a broad spectrum of e-commerce and crypto platforms:
- Retail: Amazon, BestBuy, eBay, Rakuten, Wayfair, and more.
- Crypto: Binance, Kraken, and generic crypto brands.
Silent Push’s analysis also revealed unique phishing techniques, such as attempts to collect bank details through chat widgets embedded on fraudulent TikTok shopping sites. These sites masqueraded as official e-commerce portals while employing subtle tactics to extract sensitive information.
Phishing campaigns leveraging advanced tactics, like integrated chat tools, are increasingly challenging to identify and mitigate. Silent Push emphasizes, “The scale of the sites in this network proves it is a substantial effort.”