|Category: Adversary Intelligence||Industry: Multiple||Country: Global||Source*: E4|
- CloudSEK’s contextual AI digital risk platform XVigil discovered a threat actor advertising the services for search engine optimization (SEO) and website ranking under the name of ‘Shadow SEO’, on a cybercrime forum.
- These services can be used by phishing websites to rank highly in search results, make themselves seem more credible to victims, and collect sensitive data.
- Similar tactics have previously been observed in phishing campaigns against companies such as Ola Electric and in scam campaigns such as the Aadhar Printing Scams.
- SEO services are offered primarily for Google and Yandex search engines.
- CloudSEK’s researchers found the threat group’s PR site which is currently not operational.
- Actor is based in Russia and goes by the pseudonym "Dark Committee."
- The complete list of services advertised on the website is shown in the image below.
- The group is offering the following additional services:
- Service to send out 5,000 spam emails on a daily basis
- Website installation service to work with Hypothetical Reference Digital Path (HRDP) and HVNC (Hidden Virtual Network Computing) technologies
- For those who want to entirely change their identities in order to emigrate from the country or for other illegal purposes, the group also offers the following services:
- Online services - developing a new identity for online purchases
- Offline services - creating a new identity with the full package of accompanying documents that will be visible across all existing bases. It will be possible to register immovable and movable property on the new identity.
|Threat Actor Profiling|
|Active since||June 2022|
|Reputation||Low (Few complaints and concerns against threat actor on the forum)|
|History||Not interested in any one-time collaboration attempts and previously involved in compromising entities in the USA, Germany, and Australia.|
|Point of Contact||Jabber and Vipole|
|Rating||E4 (E: Unreliable 4: Doubtful)|