Neanderthals

Threat Actor updated 4 months ago (2024-05-04T19:42:58.709Z)
Neanderthals, a threat actor group identified by ESET researchers, have been exploiting the Telekopye toolkit to execute various types of scams. The group primarily recruits members via advertisements on underground forums and uses Telegram channels for communication and transaction tracking. They employ deceptive tactics and social engineering to trick victims (referred to as "Mammoths") into sharing sensitive information. These scammers also use VPNs, proxies, and TOR to maintain anonymity while conducting their operations.

The Neanderthals are involved in several scam types facilitated by the Telekopye toolkit. In seller scams, they pose as sellers and deceive Mammoths into buying non-existent items. If the victims don't receive the goods, they are further targeted with refund phishing emails. The group is also engaged in real estate scams, creating bogus websites with apartment listings and luring Mammoths into paying reservation fees through phishing websites. They use web scrapers to sift through online marketplace listings to find ideal victims likely to fall for their schemes.

ESET researchers have dissected specific features offered by Telekopye and the different scam types it facilitates, shedding light on the geographical areas these Neanderthals target and how they select their victims. For instance, in the real estate scam scenario, Neanderthals contact legitimate apartment owners feigning interest, gather details, and then create their own listings at reduced prices on other websites. The dynamics within and between various Neanderthal groups, their techniques for finding and selecting victims, and their methods of teaching each other to effectively use Telekopye have been discussed in detail in an ESET podcast.
Description last updated: 2024-05-04T19:42:58.657Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
ESET
Scam
Phishing
Telegram
Associated Malware
ID | Type | Votes | Profile Description
Telekopye | has used | 3 | Telekopye is a sophisticated malware toolkit used by cybercriminals, particularly Russian hackers, to carry out broad phishing attacks. This malicious software, implemented as a Telegram bot, is designed to create fraudulent links, web pages, QR codes, and deliver convincing images via SMS messages
Source Document References
Information about the Neanderthals Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
ESET | 9 months ago | ESET Research Podcast: Neanderthals, Mammoths and Telekopye
CERT-EU | 9 months ago | Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale
ESET | 9 months ago | Telekopye: Chamber of Neanderthals’ secrets
CERT-EU | 9 months ago | Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users
CERT-EU | a year ago | Russian Hackers Employ Telekopye Toolkit in Broad Phishing Attacks
CERT-EU | a year ago | New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia
CERT-EU | a year ago | Organizations in NATO countries claimed to be compromised by hacktivist operation
CERT-EU | a year ago | Scammers Target Online Markets with Telekopye Phishing Toolkit
CERT-EU | a year ago | Cyrus Labs purchased by Malwarebytes
CERT-EU | a year ago | Industrial HMIs at risk of attacks exploiting Rockwell ThinManager vulnerabilities
CERT-EU | a year ago | Telekopye: Hunting Mammoths using Telegram bot