OTX Bot<p>PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation</p><p>A new threat group, dubbed PoisonSeed, is targeting enterprise organizations and individuals outside the cryptocurrency industry. The campaign focuses on phishing CRM and bulk email providers' credentials to export email lists and send bulk spam. The attackers use a cryptocurrency seed phrase poisoning attack, providing security seed phrases to trick victims into compromising their wallets. Similarities have been detected between PoisonSeed, Scattered Spider, and CryptoChameleon, but the campaign is being classified separately due to unique characteristics. The attackers have set up phishing pages for prominent CRM and bulk email companies, including Mailchimp, SendGrid, Hubspot, Mailgun, and Zoho. Once credentials are phished, the process of bulk downloading email lists appears to be automated. The campaign also involves spam sent from compromised accounts, including a notable breach of an Akamai SendGrid account.</p><p>Pulse ID: 67f432acbd8d0957264e79a3<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67f432acbd8d0957264e79a3" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67f43</span><span class="invisible">2acbd8d0957264e79a3</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-07 20:16:44</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/Akamai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Akamai</span></a> <a href="https://social.raytec.co/tags/Chameleon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Chameleon</span></a> <a href="https://social.raytec.co/tags/CryptoChameleon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoChameleon</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ScatteredSpider</span></a> <a href="https://social.raytec.co/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a href="https://social.raytec.co/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChain</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptocurrency</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
dmv.community is one of the many independent Mastodon servers you can use to participate in the fediverse.
A small regional Mastodon instance for those in the DC, Maryland, and Virginia areas. Local news, commentary, and conversation.
Administered by:
Server stats:
161active users
dmv.community: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#cryptochameleon
1 post · 1 participant · 0 posts today
OTX Bot<p>PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation</p><p>The PoisonSeed campaign is targeting enterprise organizations and individuals outside the cryptocurrency industry by phishing CRM and bulk email provider credentials. The attackers export email lists and send bulk spam from compromised accounts, primarily to support cryptocurrency spam operations. The campaign uses a novel cryptocurrency seed phrase poisoning attack, providing security seed phrases to trick victims into copying them into new cryptocurrency wallets for future compromise. While similarities exist with Scattered Spider and CryptoChameleon groups, PoisonSeed is currently classified separately due to unique characteristics. The campaign has targeted companies like Coinbase, Ledger, Mailchimp, SendGrid, Hubspot, Mailgun, and Zoho, using sophisticated phishing techniques and automated processes to quickly exploit compromised accounts.</p><p>Pulse ID: 67ef8546d1d9ef9cd8e91906<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67ef8546d1d9ef9cd8e91906" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67ef8</span><span class="invisible">546d1d9ef9cd8e91906</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-04 07:07:50</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/Chameleon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Chameleon</span></a> <a href="https://social.raytec.co/tags/CryptoChameleon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoChameleon</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Edge" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Edge</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ScatteredSpider</span></a> <a href="https://social.raytec.co/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a href="https://social.raytec.co/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChain</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptocurrency</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
Matt Willemsen<p>LastPass users targeted in phishing attacks good enough to trick even the savvy<br><a href="https://arstechnica.com/security/2024/04/lastpass-users-targeted-in-phishing-attacks-good-enough-to-trick-even-the-savvy/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">04/lastpass-users-targeted-in-phishing-attacks-good-enough-to-trick-even-the-savvy/</span></a><br><a href="https://mastodon.social/tags/LastPass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LastPass</span></a> <a href="https://mastodon.social/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a>—as—a—service <a href="https://mastodon.social/tags/attacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>attacks</span></a> <a href="https://mastodon.social/tags/FCC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FCC</span></a> <a href="https://mastodon.social/tags/Coinbase" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Coinbase</span></a> <a href="https://mastodon.social/tags/CryptoChameleon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoChameleon</span></a> <a href="https://mastodon.social/tags/spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spoofing</span></a> <a href="https://mastodon.social/tags/shortenedURL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>shortenedURL</span></a></p>
Not Simon<p><strong>LastPass</strong> warns of a CryptoChameleon phishing campaign spoofing LastPass. The CryptoChameleon is a Phishing-as-a-Service (PhaaS) that allows threat actors to easily create fake SSO or other login sites drawn from fraudulent branding. LastPass had the phishing site taken down and describes the phishing tactics used in this campaign. 🔗<a href="https://blog.lastpass.com/posts/2024/04/advanced-phishing-kit-adds-lastpass-branding-for-use-in-phishing-campaigns" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.lastpass.com/posts/2024/0</span><span class="invisible">4/advanced-phishing-kit-adds-lastpass-branding-for-use-in-phishing-campaigns</span></a></p><p><a href="https://infosec.exchange/tags/CryptoChameleon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoChameleon</span></a> <a href="https://infosec.exchange/tags/PhaaS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhaaS</span></a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload