Mule-as-a-Service Infrastructure Exposed

New Threat Intelligence confirms connections underpinning pig butchering and investment scams

Much like companies in the legitimate economy, criminals also specialize: focusing on their core strengths and using third-party Software-as-a-Service platforms and tools to outsource the rest of the business or criminal infrastructure needed. These Crime-as-a-Service providers continue to evolve, from bulletproof hosting to Phishing-as-a-Service (PhaaS)

New threat intelligence from Netcraft has uncovered the connections in the underlying financial infrastructure supporting fraud networks around the globe. This includes  insights exposing centralized Mule-as-a-Service (MaaS) providers being used by seemingly unconnected threat actors around the globe to launder their scam proceeds through money mule bank accounts.

Examining the connections between the underlying cyber and financial infrastructure reveals a rich and interconnected network of mule accounts held at local and global banks, phone numbers, crypto addresses, payment app accounts, and email addresses being used to commit fraud. These connections not only give a mechanism to aid in identifying threat actors, but also new opportunities to disrupt crime groups involved in pig butchering, romance scams, and widespread, complex cyber-enabled fraud.

Netcraft’s Conversational Scam Intelligence (CSI) platform brings together Netcraft’s unique threat intelligence and generative AI to engage with threat actors in long-form peer-to-peer conversations at scale. These private conversations can last over a year and span hundreds of messages. Interactions with threat actors also serve as foundational data, used by Netcraft researchers to connect seemingly disparate scams to expose criminal actors around the globe.

Building a MaaS army

Netcraft researchers recently explored the Darcula Phishing-as-a-Service network, and insight suggests that similar pro

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Netcraft

Read the original article: