A Vast Network of Deception by Impersonating Thousands of Brands
A global scale scam nicknamed ‘Webwyrm’ (pronounced ‘web-worm’) that has been targeting more than 100,000 victims across over 50 countries globally by impersonating over 1000 companies across 10 industries for a combo task scheme akin to the ‘Blue Whale Challenge’ (from a few years ago that caused a massive global impact) is causing collective personal losses of possibly over a 100 million dollars. The scale of the scams and the TTPs (Targets, Techniques, and Procedures) employed show a highly skilled and persistent Threat Actor (TA) group who have been using effective OpSec (Operational Security) like consistent shifting of infrastructure and creating tight silos to prevent infiltration into the group.
CloudSEK has shared the details of the investigation with Global Law Enforcement Agencies to help implement remedial actions, including dismantling the scammer infrastructure and reporting to the impersonated organizations.
Webwyrm, likely active since late 2022, has grown multifold since early 2023 with the TA group employing various deceptive tactics. The following statistics unearthed by CloudSEK researchers show the scale at which the group is operating the scam.
Views: 0
