‘Ultimate’ MiTM Attack Steals $1M from Israeli Startup
Researchers at Check Point Software uncovered an attack that used a sophisticated spoofing campaign to trick a Chinese VC firm and steal money from an emerging Israeli business. The man-in-the-middle campaign effectively intercepted a $1 million wire transfer from a Chinese venture capital firm that was intended for the Israeli startup. In a report published Thursday, Check Point explains how they uncovered the heist in which the attacker canceled a critical in-person meeting on both ends, communicating through email. Check Point initiated their investigation when the wire-transfer never reached the startup. The email addresses used were exactly the same as the two entities but added an extra ‘s’ to the end of the address. Typically, the attacker will create an auto-forwarding rule to intercept emails between the two parties.
Attackers sent 18 emails to the VC firm and 14 to the startup to disrupt the transaction and modify the bank account details to the money was wired to an account controlled by the hackers. Check Point traced the stolen money to a bank account in Hong Kong. A researcher explains that the cancellation of the in-person meeting was critical to the success of the attack, and otherwise, it likely would have failed. After the money was secured, the hackers continued to email both parties requesting another transaction. Check Point researchers said this should serve as a warning to those planning to complete large wire transactions.