{"id":1132,"date":"2022-04-25T18:26:35","date_gmt":"2022-04-25T12:56:35","guid":{"rendered":"http:\/\/threatcop.com\/blog\/?p=1132"},"modified":"2024-08-12T10:22:40","modified_gmt":"2024-08-12T04:52:40","slug":"cosmic-lynx","status":"publish","type":"post","link":"https:\/\/threatcop.com\/blog\/cosmic-lynx\/","title":{"rendered":"Cosmic Lynx: Russian Group Behind BEC Attacks"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">Why target an individual when you can go after more lucrative targets like large MNCs and achieve greater rewards? This is what the Russian cybercriminal group called \u2018Cosmic Lynx\u2019 is doing right now! This group of cybercriminals has been launching numerous Business Email Compromise (BEC) attacks targeting several MNCs, especially those listed in the Fortune 500 or Global 2000!<\/span><\/p>\n\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Who_is_Cosmic_Lynx\"><\/span><span style=\"color: #000000;\">Who is Cosmic Lynx?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Cosmic Lynx is a sophisticated cybercriminal group that has <\/span><b>launched around 200 BEC campaigns targeting large MNCs worldwide.<\/b><span style=\"font-weight: 400;\"> They <\/span><b>have been active since 2019, wreaking havoc specifically in 46 countries across six continents.<\/b><span style=\"font-weight: 400;\"> The <\/span><b>group impersonates C-level executives of companies<\/b><span style=\"font-weight: 400;\"> that are <\/span><b>listed in the Fortune 500 or Global 2000<\/b><span style=\"font-weight: 400;\"> to trick the employees.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Cosmic Lynx is well prepared to carry out several BEC attacks. The cybercriminal group has acquired numerous domains that imitate popular and secure email infrastructures or networks. 
They have registered several domains with NiceVPS, which is known for its bulletproof hosting and anonymity in domain services.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_is_BEC_Attack\"><\/span><span style=\"color: #000000;\"><b>What is BEC Attack?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">According to <\/span><span style=\"color: #183994;\"><a style=\"color: #183994;\" href=\"https:\/\/www.helpnetsecurity.com\/2021\/06\/25\/bec-attacks-past-year\/\" target=\"_blank\" rel=\"noopener\"><b>HelpNet Security<\/b><\/a><\/span><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">, <\/span><b>over the course of one year between June 2020 and May 2021, 71% of organizations have reported cyber attacks<\/b><span style=\"font-weight: 400;\">.<\/span><\/span><\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">A business email compromise is a type of email-based attack that <\/span><b>incorporates the concepts of spoofing, <\/b><\/span><span style=\"color: #183994;\"><a style=\"color: #183994;\" href=\"https:\/\/www.kratikal.com\/blog\/understanding-the-difference-between-spear-phishing-and-phishing\/\"><b>spear phishing<\/b><\/a><\/span><span style=\"color: #000000;\"><b>, impersonation<\/b><span style=\"font-weight: 400;\">, etc. A BEC attack is carried out by targeting an employee or an individual while impersonating another legitimate individual or organization. The cybercriminals manipulate the target victim into making financial transactions or sharing crucial information. 
Among all the cyber threats, the BEC attacks are the most infamous for incurring immense financial damage to organizations.<\/span><\/span><\/p>\n\n\n<div class=\"wp-block-image wp-image-1133 size-large\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/CSO-Online-1024x683.jpg\" alt=\"Email Phishing\" class=\"wp-image-1133\" srcset=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/CSO-Online-1024x683.jpg 1024w, https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/CSO-Online-300x200.jpg 300w, https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/CSO-Online-768x512.jpg 768w, https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/CSO-Online-80x53.jpg 80w, https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/CSO-Online-500x333.jpg 500w, https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/CSO-Online-800x533.jpg 800w, https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/CSO-Online.jpg 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><span style=\"color: #000000;\">(Source: CSO Online)<\/span><\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_Cosmic_Lynx_Carried_Out_BEC_Attack\"><\/span><span style=\"color: #000000;\"><b>How Cosmic Lynx Carried Out BEC Attack?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">According to an article from <\/span><span style=\"color: #183994;\"><a style=\"color: #183994;\" href=\"https:\/\/www.computerweekly.com\/news\/252485856\/Cosmic-Lynx-cyber-crime-group-takes-BEC-to-new-heights\" target=\"_blank\" rel=\"noopener\"><b>Computer Weekly<\/b><\/a><\/span><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">, Cosmic Lynx\u2019s 
method of targeting the victim involves a <\/span><b>dual impersonation scheme.<\/b><span style=\"font-weight: 400;\"> The<\/span><b> first is to impersonate a CEO of an organization<\/b><span style=\"font-weight: 400;\"> and pretend to expand the business operations in Asia. They reach out to the target employee to approach external legal counsel for the acquisition payments.&nbsp;<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Then they <\/span><b>impersonate a legitimate U.K.-based law firm lawyer to facilitate the transaction.<\/b><span style=\"font-weight: 400;\"> In order <\/span><b>to receive the stolen funds, they use Hong Kong-based mule accounts, but sometimes they also work with others from countries like Portugal, Hungary, and Romania. 
<\/b><b>On average, they receive $55,000 in US currency.<\/b><\/span><span style=\"font-weight: 400;\"><span style=\"color: #000000;\"> However, they demand hundreds of thousands, if not millions, of dollars from the target.<\/span>&nbsp;<\/span><\/p>\n\n\n<div class=\"wp-block-image wp-image-10055 size-full\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"900\" height=\"400\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/04\/Difesa-e-Sicurezza.jpg\" alt=\"Email Phishing\" class=\"wp-image-10055\"\/><figcaption class=\"wp-element-caption\">(Source: Difesa e Sicurezza)<\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Prevent_BEC_Attacks\"><\/span><span style=\"color: #000000;\"><b>How to Prevent BEC Attacks?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"has-text-align-center wp-block-paragraph\"><span style=\"color: #000000;\"><i><span style=\"font-weight: 400;\">According to the article by <\/span><\/i><\/span><span style=\"color: #183994;\"><strong><a style=\"color: #183994;\" href=\"https:\/\/www.helpnetsecurity.com\/2021\/06\/25\/bec-attacks-past-year\/\" target=\"_blank\" rel=\"noopener\"><i>HelpNet Security<\/i><\/a><\/strong><\/span><span style=\"color: #000000;\"><i><span style=\"font-weight: 400;\">, <\/span><\/i><b><i>50% of all BEC attacks are carried out by spoofing the identity<\/i><\/b><i><span style=\"font-weight: 400;\"> of an individual. Among these spoofed emails, <\/span><\/i><b><i>68% use the name of the company, 66% use the target\u2019s name, and 53% use the name of the target\u2019s managers.<\/i><\/b><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">It becomes alarming when cybercriminals bypass a security system to steal an organization\u2019s valuable information and money. 
Even though every organization has various cybersecurity protocols and controls in place, cybercriminals are growing more sophisticated and are coming up with new techniques and tactics to penetrate the security walls.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">So, organizations should stop relying on outdated IT infrastructure and basic cybersecurity protocols. Instead, organizations should come up with more comprehensive security measures that are more advanced and sophisticated. In short, organizations should come up with a method that prevents destructive BEC attacks from harming the organization and its employees in any form.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Email_Security_Solution_to_Prevent_BEC_Attacks\"><\/span><span style=\"color: #000000;\"><b>Email Security Solution to Prevent BEC Attacks<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">There are several measures an organization can take to protect itself against the threat of BEC attacks.&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><b>Instruct employees to avoid opening unsolicited emails: <\/b><span style=\"font-weight: 400;\">The most secure way to avoid the risk of BEC attacks is to instruct all your employees to avoid opening emails from unknown sources in the first place. Before opening an email, employees should always check the sender\u2019s address carefully. They must know how to look for any signs of a spoofed email.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><b>Ask employees to be careful when clicking on links:<\/b><span style=\"font-weight: 400;\"> Keep in mind that hackers can disguise the links in emails using anchor text. 
However, you can ask your employees to hover over the links embedded in emails to find out their destination. Make sure they know to investigate the link to make sure it\u2019s legitimate before they click on it.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><b>Tell your employees to avoid downloading attachments:<\/b><span style=\"font-weight: 400;\"> Attachments are one of the most common methods used to spread malware through emails. Attachments from unknown sources must never be opened or downloaded without certain precautions. It is always advisable to scan every attachment before downloading even if it\u2019s the one your employees were expecting.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><b>Use a company domain:<\/b><span style=\"font-weight: 400;\"> Using free web-based email accounts for your business makes it easier for malicious actors to spoof the address. It is highly recommended that you create a company domain and use it for your email accounts. Cybercriminals may still try to impersonate your address. 
However, employees will be able to spot incorrect emails or inconsistencies.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><b>Email authentication:<\/b><span style=\"font-weight: 400;\"> There are three email authentication standards, <\/span><a style=\"color: #000000;\" href=\"https:\/\/kdmarc.com\/blog\/spf-an-authentication-technique-for-dmarc\/?utm_source=Cosmic%20Lynx%20Takes%20BEC%20Attacks%20to%20New%20Heights!&amp;utm_medium=KDMARC%20Blog&amp;utm_campaign=Blog\"><b>SPF<\/b><\/a><span style=\"font-weight: 400;\">, <\/span><a style=\"color: #000000;\" href=\"https:\/\/kdmarc.com\/blog\/dkim-the-advance-authentication-technique-for-dmarc\/\"><b>DKIM<\/b><\/a><span style=\"font-weight: 400;\">, and <\/span><a href=\"https:\/\/threatcop.com\/blog\/what-is-dmarc\/\"><b>DMARC<\/b><\/a><span style=\"font-weight: 400;\">, that can be used to secure your email domain against forgery.&nbsp;<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><b>Security Awareness Training: <\/b><span style=\"font-weight: 400;\">Every organization can conduct attack vector simulations to identify the vulnerabilities of employees and train them accordingly. This training will increase their cybersecurity awareness and make them vigilant about BEC attacks.<\/span><\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Take_Decision_and_Become_Proactive\"><\/span><span style=\"color: #000000;\">Take Decision and Become Proactive<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Whether it is Cosmic Lynx or any other cybercriminal group, impersonation of your email domains can harm your organization in many different ways. The damage can be in terms of money, defamation of your brand, or even a decrease in domain reputation. 
It also damages the trust of customers who rely on your services and choose your business above all.&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Therefore, it is crucial for organizations to implement robust cybersecurity measures to defend against email domain forgery. So, keeping that in mind, it should be mandatory for every organization to protect their businesses, employees, and valuable customers. The best way to do that is by keeping up with the security measures and being one step ahead of the malicious actors.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Why target an individual when you can go after more lucrative targets like large MNCs and achieve greater rewards? This is what the Russian cybercriminal group called \u2018Cosmic Lynx\u2019 is doing right now! This group of cybercriminals has been launching numerous Business Email Compromise (BEC) attacks targeting several MNCs, especially those listed in the Fortune [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2511,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[47],"tags":[],"class_list":["post-1132","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-miscellaneous"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cosmic Lynx: Russian Threat Group Carrying Out BEC Attack<\/title>\n<meta name=\"description\" content=\"Why target an individual when you can go after more lucrative targets? 
Russian cybercriminal group called \u2018Cosmic Lynx\u2019 is doing same.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatcop.com\/blog\/cosmic-lynx\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cosmic Lynx: Russian Threat Group Carrying Out BEC Attack\" \/>\n<meta property=\"og:description\" content=\"Why target an individual when you can go after more lucrative targets? Russian cybercriminal group called \u2018Cosmic Lynx\u2019 is doing same.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatcop.com\/blog\/cosmic-lynx\/\" \/>\n<meta property=\"og:site_name\" content=\"Threatcop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-25T12:56:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-12T04:52:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/04\/Cosmic-Lynx.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1250\" \/>\n\t<meta property=\"og:image:height\" content=\"1200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Threatcop\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatcop\" \/>\n<meta name=\"twitter:site\" content=\"@threatcop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Threatcop\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/cosmic-lynx\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/cosmic-lynx\\\/\"},\"author\":{\"name\":\"Threatcop\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\"},\"headline\":\"Cosmic Lynx: Russian Group Behind BEC Attacks\",\"datePublished\":\"2022-04-25T12:56:35+00:00\",\"dateModified\":\"2024-08-12T04:52:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/cosmic-lynx\\\/\"},\"wordCount\":991,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/cosmic-lynx\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/04\\\/Cosmic-Lynx.webp\",\"articleSection\":[\"Miscellaneous\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/cosmic-lynx\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/cosmic-lynx\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/cosmic-lynx\\\/\",\"name\":\"Cosmic Lynx: Russian Threat Group Carrying Out BEC 
Attack\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/cosmic-lynx\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/cosmic-lynx\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/04\\\/Cosmic-Lynx.webp\",\"datePublished\":\"2022-04-25T12:56:35+00:00\",\"dateModified\":\"2024-08-12T04:52:40+00:00\",\"description\":\"Why target an individual when you can go after more lucrative targets? Russian cybercriminal group called \u2018Cosmic Lynx\u2019 is doing same.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/cosmic-lynx\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/cosmic-lynx\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/cosmic-lynx\\\/#primaryimage\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/04\\\/Cosmic-Lynx.webp\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/04\\\/Cosmic-Lynx.webp\",\"width\":1250,\"height\":1200,\"caption\":\"Cosmic Lynx\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/cosmic-lynx\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cosmic Lynx: Russian Group Behind BEC Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"name\":\"Threatcop\",\"description\":\"Cybersecurity Blogs, News, Updates, and 
Articles\",\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\",\"name\":\"Threatcop\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"width\":432,\"height\":102,\"caption\":\"Threatcop\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/Threatcop\\\/100083109892339\\\/\",\"https:\\\/\\\/x.com\\\/threatcop\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/threatcop\\\/\",\"https:\\\/\\\/www.instagram.com\\\/threatcop_official\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\",\"name\":\"Threatcop\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"caption\":\"Threatcop\"},\"sameAs\":[\"http
s:\\\/\\\/threatcop.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cosmic Lynx: Russian Threat Group Carrying Out BEC Attack","description":"Why target an individual when you can go after more lucrative targets? Russian cybercriminal group called \u2018Cosmic Lynx\u2019 is doing same.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatcop.com\/blog\/cosmic-lynx\/","og_locale":"en_US","og_type":"article","og_title":"Cosmic Lynx: Russian Threat Group Carrying Out BEC Attack","og_description":"Why target an individual when you can go after more lucrative targets? Russian cybercriminal group called \u2018Cosmic Lynx\u2019 is doing same.","og_url":"https:\/\/threatcop.com\/blog\/cosmic-lynx\/","og_site_name":"Threatcop","article_publisher":"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","article_published_time":"2022-04-25T12:56:35+00:00","article_modified_time":"2024-08-12T04:52:40+00:00","og_image":[{"width":1250,"height":1200,"url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/04\/Cosmic-Lynx.webp","type":"image\/webp"}],"author":"Threatcop","twitter_card":"summary_large_image","twitter_creator":"@threatcop","twitter_site":"@threatcop","twitter_misc":{"Written by":"Threatcop","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/threatcop.com\/blog\/cosmic-lynx\/#article","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/cosmic-lynx\/"},"author":{"name":"Threatcop","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa"},"headline":"Cosmic Lynx: Russian Group Behind BEC Attacks","datePublished":"2022-04-25T12:56:35+00:00","dateModified":"2024-08-12T04:52:40+00:00","mainEntityOfPage":{"@id":"https:\/\/threatcop.com\/blog\/cosmic-lynx\/"},"wordCount":991,"commentCount":0,"publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"image":{"@id":"https:\/\/threatcop.com\/blog\/cosmic-lynx\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/04\/Cosmic-Lynx.webp","articleSection":["Miscellaneous"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/threatcop.com\/blog\/cosmic-lynx\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/threatcop.com\/blog\/cosmic-lynx\/","url":"https:\/\/threatcop.com\/blog\/cosmic-lynx\/","name":"Cosmic Lynx: Russian Threat Group Carrying Out BEC Attack","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/threatcop.com\/blog\/cosmic-lynx\/#primaryimage"},"image":{"@id":"https:\/\/threatcop.com\/blog\/cosmic-lynx\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/04\/Cosmic-Lynx.webp","datePublished":"2022-04-25T12:56:35+00:00","dateModified":"2024-08-12T04:52:40+00:00","description":"Why target an individual when you can go after more lucrative targets? 
Russian cybercriminal group called \u2018Cosmic Lynx\u2019 is doing same.","breadcrumb":{"@id":"https:\/\/threatcop.com\/blog\/cosmic-lynx\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatcop.com\/blog\/cosmic-lynx\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/cosmic-lynx\/#primaryimage","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/04\/Cosmic-Lynx.webp","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/04\/Cosmic-Lynx.webp","width":1250,"height":1200,"caption":"Cosmic Lynx"},{"@type":"BreadcrumbList","@id":"https:\/\/threatcop.com\/blog\/cosmic-lynx\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatcop.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Cosmic Lynx: Russian Group Behind BEC Attacks"}]},{"@type":"WebSite","@id":"https:\/\/threatcop.com\/blog\/#website","url":"https:\/\/threatcop.com\/blog\/","name":"Threatcop","description":"Cybersecurity Blogs, News, Updates, and 
Articles","publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatcop.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/threatcop.com\/blog\/#organization","name":"Threatcop","url":"https:\/\/threatcop.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","width":432,"height":102,"caption":"Threatcop"},"image":{"@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","https:\/\/x.com\/threatcop","https:\/\/www.linkedin.com\/company\/threatcop\/","https:\/\/www.instagram.com\/threatcop_official\/"]},{"@type":"Person","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa","name":"Threatcop","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","caption":"Threatcop"},"sameAs":["https:\/\/threatcop.com"]}]}},"_links":{"self":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/1132","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":tru
e,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/comments?post=1132"}],"version-history":[{"count":16,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/1132\/revisions"}],"predecessor-version":[{"id":11614,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/1132\/revisions\/11614"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media\/2511"}],"wp:attachment":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media?parent=1132"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/categories?post=1132"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/tags?post=1132"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}