Security consulting firm Kroll revealed that a SIM-swapping attack against one of its employees caused the theft of user information for multiple cryptocurrency platforms. Kroll is managing ongoing bankruptcy proceedings for the impacted organizations, including BlockFi, FTX, and Genesis.
On August 19, 2023, the consulting firm became aware that threat actors targeted the T-Mobile phone number belonging to one of its employees. The company defined the attack as “a highly sophisticated ‘SIM swapping’ attack.”
“We were recently informed that on Saturday, August 19, 2023, a cyber threat actor targeted a T-Mobile US., Inc. account belonging to a Kroll employee in a highly sophisticated “SIM swapping” attack. Specifically, T-Mobile, without any authority from or contact with Kroll or its employee, transferred that employee’s phone number to the threat actor’s phone at their request.” reads the statement published by Kroll. “As a result, it appears the threat actor gained access to certain files containing personal information of bankruptcy claimants in the matters of BlockFi, FTX and Genesis. Immediate actions were taken to secure the three affected accounts. Affected individuals have been notified by email.”
The company immediately launched an investigation into the incident and notified the FBI. The company pointed out that they have no evidence that their systems or accounts were impacted.
The security breach suffered by Kroll may have exposed the data of individuals. Media suggests that threat actors may already be attempting to misuse the stolen data in phishing attacks.
The unfortunate result of the SIM-swap against the Kroll employee is that person who had any financial relationship with BlockFi, FTX, or Genesis.
“Multiple readers who said they got breach notices from Kroll today also shared phishing emails they received this morning that spoofed FTX and claimed, “You have been identified as an eligible client to begin withdrawing digital assets from your FTX account.”” reads a post published by KrebsonSecurty.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors…
A vulnerability in the Fluent Bit Utility, which is used by major cloud providers, can…
Experts warn of fifteen vulnerabilities in the QNAP QTS, the operating system for the Taiwanese…
Researchers discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors that used GitHub to distribute…
Two students discovered a security flaw in over a million internet-connected laundry machines that could…
A new Grandoreiro banking trojan campaign has been ongoing since March 2024, following the disruption by…
This website uses cookies.