Neanderthals

Threat Actor updated 3 months ago (2024-11-29T14:30:02.109Z)
Neanderthals, as named by ESET researchers, is a threat actor group that uses the Telekopye Toolkit to execute sophisticated phishing campaigns. These scammers are primarily recruited via advertisements distributed across various online channels, including underground forums. They employ deceptive tactics and social engineering to trick their victims, referred to as "Mammoths," into sharing sensitive information. This process includes creating fraudulent listings on other websites, offering items or apartments at discounted prices, and then scamming the victims again via refund phishing emails when the promised goods or services are not delivered.

The Neanderthals use a variety of methods to stay anonymous and increase their chances of successfully executing scams. They have been observed using VPNs, proxies, and TOR to maintain their anonymity. In addition, they use web scrapers to sift through online marketplace listings and select potential victims who are likely to fall for their schemes. For instance, in real estate scams, they create bogus websites with apartment listings and lure Mammoths into paying reservation fees by directing them to phishing websites. If a Mammoth prefers in-person transactions, the Neanderthals claim to be unavailable due to distance or business trips, all while demonstrating heightened interest in the item to increase the likelihood of the scam's success.

ESET experts recommend awareness of the Neanderthals' tactics and caution on affected platforms as the best defense against these scams. They also advise the use of reputable anti-malware solutions to provide protection in case of being lured to a phishing website.

By dissecting specific features offered by Telekopye and the different scam types it facilitates, ESET has uncovered the geographical areas these Neanderthals target and how they select their victims. The dynamics within and between various Neanderthal groups, their techniques, and their teaching methods have also been explored, providing valuable insights into their operations.
Description last updated: 2024-10-14T17:15:55.170Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Eset
Phishing
Scams
Telegram
Scam
Bot
Associated Malware
Alias Description: The Telekopye Malware is associated with Neanderthals. Telekopye is malicious software, or malware, that has been used by a group of cybercriminals referred to as "Neanderthals" for well-organized phishing campaigns. Since its inception in 2016, Telekopye has facilitated the creation of fraudulent links, web pages, QR codes, and convincing images,
Association Type: has used
Votes: 4