Trezor users targeted following hack of email marketing company Mailchimp

Trezor users targeted following hack of email marketing company Mailchimp

Posted on

Email marketing platform Mailchimp, owned by Intuit Inc. since last year, has been hacked as part of a scheme to target Trezor cryptocurrency wallet service users.

Bleeping Computer reported today that the hack started with employees of Mailchimp falling for a social engineering attack that led to the theft of their credentials. “On March 26, our Security team became aware of a malicious actor accessing one of our internal tools used by customer-facing teams for customer support and account administration,” a spokesperson for Mailchimp said. “The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised.”

A company being hacked is hardly rare in 2022, but this specific attack takes an interesting turn in that the hacker and hackers behind the attack did so seemingly to target Trezor users. Founded in 2013, Trezor offers a hardware cryptocurrency wallet that allows users to store private keys with a device.

Trezor described that attack on Twitter as a Mailchimp “insider” targeting cryptocurrency companies. The phishing attacks included the use of the fake domain names, and, both of which have now been taken down.

Bizarrely, those behind that attack cloaked their campaign as the result of Trezor being hacked. Users were targeted with an email that claimed that Trezor had experienced a security incident on April 2. The email stated that “at this moment, it’s technically impossible to accurately assess the scope of this data breach” and then added, “we must assume that your cryptocurrency assets are at risk of being stolen.”

Following further text, users were prompted to download the latest version of Trezor Suite, complete with a link. The link and what users subsequently downloaded was malware that stole their cryptocurrency.

It’s currently believed that more than 100 Trezor users fell for the fake email. The amount of cryptocurrency stolen from those who fell for the phishing scheme is unknown.

Other companies are likely affected by the Mailchimp breach, but it’s not clear if those behind the attack are targeting others. Virtual social world Decentraland warned users that their newsletter subscribers’  email addresses were leaked as part of the Mailchimp data breach.

“Similar to the FireEye and SolarWinds breaches in 2020, cybercriminals leveraged the services of one organization to gain access to dozens, if not hundreds of others,” James McQuiggan, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “In this case, we are seeing cybercriminals leveraging a third-party tool to convince victims of an authorized email and work to gain access to sensitive information.”

McQuiggan noted that organizations will continue to struggle with social engineering attacks. “It becomes crucial for users to spot a phishing or vishing attack and feel empowered to report it to the appropriate departments for resolution,” McQuiggan said. “Cybercriminals will continue to target organizations that support hundreds and thousands of their customers to leverage that service to gain access for a more significant gain.”

Photo: Mailchimp

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *