Researchers from Agari have spotted a new Vendor Email Compromise (VEC) scam carried out by a cybercriminal group dubbed ‘Silent Starling’. This scam campaign targets the customers of vendors and contractors.
About the group
The Silent Starling group consists of three main threat actors. The group moved to VEC scams as a major attack type in 2018. Since then, it has targeted over 700 employee email accounts from around 500 companies. These compromised email accounts have provided over 20,000 sensitive emails.
Most of the victims were located in the United States, Canada, and the United Kingdom, followed by Central America, East Asia, and Europe.
How does a VEC scam work?
“The entity that is most impacted by a VEC attack is not the original victim of the initial attack where the account was compromised. Rather, it is a completely separate organization—the compromised vendor’s customer. In a rather cruel twist, these customers have no control over the security of the system where the attack began and thus have no real way to defend against it,” researchers explained.