Infoblox Exposes Savvy Seahorse, a DNS Threat Actor Behind Massive Financial Scams


Infoblox Inc., a leader in cloud networking and security services, reveals the details of Savvy Seahorse in a new threat intel report. Savvy Seahorse is a DNS threat actor that has been deceiving victims into depositing funds into fraudulent investment platforms, falsely attributed to renowned entities such as Tesla, Meta, or Imperial Oil. To achieve this they used a variety of advanced lure techniques, such as fake chatbots, Meta Pixel tracking, and multiple payment processing domains.

The threat intel report, titled “Beware the Shallow Waters: Savvy Seahorse Lures Victims to Fake Investment Platforms Through Facebook Ads”, demonstrates how Savvy Seahorse uses a previously unreported technique of abusing the Domain Name System to distribute traffic for their scam campaigns and avoid detection. It provides a comprehensive analysis of Savvy Seahorse’s operations (that date back as early as August 2021), infrastructure, and techniques, as well as indicators of activity to help security professionals and organizations detect and block this threat actor.

Imagine you’re scrolling through Facebook and you see an ad for a new investment platform promising high returns. This is like seeing a sign for a new bank in town offering a great interest rate. You click on the ad and it takes you to a website that looks professional and trustworthy, just like walking into a sleek, modern bank branch.

This is where Savvy Seahorse comes in. They’re the ones who put up that ad and created that website. But unlike a legitimate bank, they’re not interested in helping you grow your money. They’re interested in stealing it.

Also Read: Vendor Risk Management Best Practices for B2B Companies

Here’s how they do it:

        Fake Investment Platforms: Just like a fake bank might try to get you to deposit your money with them, Savvy Seahorse lures users into fake investment platforms. These platforms might look real, but they’re just a front for their scam.

        Personal Information: Once you’re on their platform, they’ll ask for your personal and financial information. It’s like a fake bank asking for your Social Security number and bank account details.

        Changing Tactics: Savvy Seahorse is sneaky. They change their IP addresses (like changing their physical location) and create multiple subdomains (like opening up multiple fake bank branches) to avoid getting caught.

Infoblox’s Head of Threat Intel, Dr. Renee Burton, is available for interviews and comments on this topic.

Check Out The New ITsecuritywire Podcast. For more such updates follow us on Google News ITsecuritywire News.