Threat Groups Using Translation Tools in Phishing Attacks

It used to be that one of the sure ways to identify a phishing email was to notice grammatical errors or broken English in the text of the communication. Thanks to new translation tools like Google Translate, which are available worldwide, threat actors can translate a phishing email into any language, so it sounds authentic to the recipient and pull off a business email compromise attack (BEC) effortlessly.

Unfortunately, that is exactly what two threat actor groups are doing as we speak. According to Abnormal Intelligence, threat groups Midnight Hedgehog, “which engages in payment fraud,” and Mandarin Capybara, “a group that executes payroll diversion attacks” have “launched BEC campaigns in at least 13 different languages.”

According to Abnormal Intelligence, threat actors are using the same legitimate commercial tools that sales and marketing teams use to launch BEC campaigns, including collecting “leads” in a state or country. Using translation tools, they can launch multiple campaigns in different countries using the same text translated into the native language.

Midnight Hedgehog launches payment fraud attacks by targeting finance personnel and executives involved in financial transactions by spoofing the CEO. Before doing so, they “thoroughly research their target’s responsibilities and relationship to the CEO and then create spoofed email accounts that mimic a real account.”

The Mandarin Capybara group also impersonates executives and targets human resources personnel to carry out payroll diversion schemes to change direct deposit information to divert the executive’s pay to a fraudulent bank account. To combat these attacks, Abnormal Intelligence suggests that companies “put procedures in place to verify outgoing payments and payroll updates and keep your workforce vigilant with security awareness training.” It also suggests beefing up security through behavioral analytics.