Full Report
Take a peek into the murky world of cybercrime, where groups of scammers who go by the nickname of 'Neanderthals' wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths'.
Analysis Summary
# Threat Actor: Neanderthals (Cybercriminal Groups)
## Attribution & Identity
**Description:** The term 'Neanderthals' refers to dozens of cybercriminal groups engaging in malicious operations.
**Aliases/Associations:** Associated with the use of the Telekopye toolkit and targeting 'Mammoths' (inexperienced users).
## Activity Summary
Neanderthals are engaged in ongoing malicious operations, primarily focused on scamming inexperienced users ('Mammoths') on online marketplaces. Recently, their hunting grounds have expanded to include hotel booking scams. The researchers revisited and updated their previous findings on this cybercriminal ecosystem. The report also evaluates the impact on these groups of Operations 'RIP' and 'Victory', conducted by Czech and Ukrainian police forces.
## Tactics, Techniques & Procedures
- **Social Engineering:** Employing social engineering techniques to ensnare victims.
- **Malicious Tools:** Wielding the Telekopye toolkit.
- **Delivery Mechanism:** Utilizing a malicious Telegram bot (Telekopye bot) for operations.
- **Scam Scenarios:** Frequent use of specific scam scenarios.
## Targeting
- **Sectors:** Online marketplaces (primary focus); recently expanded to include hotel booking services.
- **Geography:** Not explicitly detailed; victims are reached through online platforms rather than in any stated region.
- **Victims:** Inexperienced users, nicknamed 'Mammoths'.
## Tools & Infrastructure
- **Malware families used:** Telekopye toolkit (delivered via a malicious Telegram bot).
- **Infrastructure (C2, domains, IPs):** Malicious Telegram bot known as Telekopye.
## Implications
The activity represents a persistent threat from numerous cybercriminal groups that leverage social engineering and seemingly simple tools (such as Telegram bots) to scam inexperienced users, operating primarily on digital marketplaces. Law enforcement actions (Operations RIP and Victory) are being monitored for their potential to disrupt these groups.
## Mitigations
- Be cautious of scams prevalent on online marketplaces.
- Understand the social engineering techniques employed by scammers.
- Consult ESET's latest research papers for in-depth information on the Telekopye bot and 'Neanderthal' operations.