Kroll SIM swapping attack, has impacted three major cryptocurrency organization, that are noted bankrupt.
The three known cryptocurrency firm (FTX, BlockFi, and Genesis) that went bankrupt, has suffered a massive data breach; as SIM Swapping attack was discovered to target Kroll a Risk, and Financial advisory firm.
Last week the organization Kroll published about the new tricks threat actors utilized in porting their employees T-Mobile phone-number, to another number, that is controlled by the threat actors.
“We were recently informed that on Saturday, August 19, 2023, a cyber threat actor targeted a T-Mobile US., Inc. account belonging to a Kroll employee in a highly sophisticated “SIM swapping” attack. Specifically, T-Mobile, without any authority from or contact with Kroll or its employee, transferred that employee’s phone number to the threat actor’s phone at their request. As a result, it appears the threat actor gained access to certain files containing personal information of bankruptcy claimants in the matters of BlockFi, FTX and Genesis.”
The organization took a swift action, and secured the three customers account that were affected, and issued an urgent email to notify the individuals immediately.
How the Attack was conducted:
The attackers are said to have gained access to files that stores sensitive information such as name, address, emails, and FTX account balance. In an email notification sent, the company stated that Kroll does not store FTX account passwords, and Digital Systems and Assets belonging to FTX, were not affected.
The crypto-company FTX, also issued a warning to its customers to be on high-alert on possible Scam and Fraud attempts, intending to impersonate the organizations three crypto-company in bankruptcy process.
The threat actors swoop into action not waiting long enough after Kroll sent a warning email; as customers started receiving phishing emails on their eligibility to withdraw their funds.
Genesis the second crypto-firm on the list, also issued a warning email to its customers, after Kroll, experienced the breach.
Kroll also issued a list of information and request the attackers might make when contacting the affected victims, and stated that such information would never be requested of them by Kroll.
Please do let us know in the comment section what are your thoughts about this.