Chinese-speaking hackers known as RedZei (or RedThief) are targeting U.K.-based Chinese international students, a wealthy victim group, with scam calls.
The campaign has been ongoing for more than a year and shows that the threat actors have meticulously selected and researched their victims.
Details About the Campaign
To bypass security measures such as phone number-based blocking, the RedZei group takes several steps in its scam-call operation. It uses a new pay-as-you-go U.K. phone number for every attack wave.
The threat actor alternates between SIMs from several mobile carriers such as Three, O2, EE, Tesco Mobile, and Telia.
Victims were called once or twice a month, each time from a different U.K. phone number, and received an “unusual” automated voicemail if they did not answer the phone.
In that voicemail, the cybercriminals impersonate organizations such as the Bank of China, China Mobile, and the Chinese embassy. The social engineering techniques are meant to trick students into disclosing their personal information.
Other themes exploited by RedZei include the ‘abnormal usage of your NHS number’ and international parcels being delivered from DHL, which are both common concerns for Chinese students studying in the UK.
Will Thomas via The Hacker News
It seems that RedZei started this very profitable campaign in August 2019, when a visa scam tricked Chinese international students into transferring enormous amounts of money to avoid deportation.