Neanderthals

Neanderthals, a threat actor group identified by ESET researchers, have been exploiting the Telekopye toolkit to execute various types of scams. The group primarily recruits members via advertisements on underground forums and uses Telegram channels for communication and transaction tracking. They employ deceptive tactics and social engineering to trick victims (referred to as "Mammoths") into sharing sensitive information. These scammers also use VPNs, proxies, and TOR to maintain anonymity while conducting their operations. The Neanderthals are involved in several scam types facilitated by the Telekopye toolkit. In seller scams, they pose as sellers and deceive Mammoths into buying non-existent items. If the victims don't receive the goods, they are further targeted with refund phishing emails. The group is also engaged in real estate scams, creating bogus websites with apartment listings and luring Mammoths into paying reservation fees through phishing websites. They use web scrapers to sift through online marketplace listings to find ideal victims likely to fall for their schemes. ESET researchers have dissected specific features offered by Telekopye and the different scam types it facilitates, shedding light on the geographical areas these Neanderthals target and how they select their victims. For instance, in the real estate scam scenario, Neanderthals contact legitimate apartment owners feigning interest, gather details, and then create their own listings at reduced prices on other websites. The dynamics within and between various Neanderthal groups, their techniques for finding and selecting victims, and their methods of teaching each other to effectively use Telekopye have been discussed in detail in an ESET podcast.