At a glance.
- GXC Team's latest offerings in the C2C underground market.
- X (formerly Twitter) account hijacked to spread malware.
- Estes refuses to pay ransom.
- Data breach blamed on password reuse.
- Sandworm was in Kyivstar's networks for months.
- UAC-0050 deploys RemcosRAT against Ukrainian targets.
- "Happy New Year" changed to "Glory to Ukraine."
GXC Team's latest offerings in the C2C underground market.
Resecurity is tracking a cybercriminal gang, “GXC Team,” that develops and sells tools to facilitate online banking theft and social engineering attacks. In November, the gang began selling a tool that uses artificial intelligence to craft fraudulent invoices for use in business email compromise (BEC) attacks. The invoices can hijack business transactions by replacing banking information contained in legitimate invoices. This tool is the latest in a wide variety of social engineering platforms developed by the threat actor.
It's not their first offering in the C2C market. “Previously, the ‘GXC Team’ gained notoriety for creating a wide array of online fraud tools, ranging from compromised payment data checkers to sophisticated phishing and smishing kits,” Resecurity says. “They have been considered the masterminds in this illicit field, supplying fellow cybercriminals with a suite of ready-to-use tools designed to defraud innocent consumers globally. Additionally, they offer ongoing updates and technical support for conducting fraud.”