Researchers at leading cyber-security company Check Point have revealed how Chinese hackers were able to steal $1 million from a Chinese venture capital firm through a simple but convincing business email compromise (BEC) scam.
The $1M was seed funding intended for an Israeli start-up company. Neither the VC nor the start-up suspected anything was wrong until the start-up realised it hadn’t received the funding. Both sides then got on the phone and quickly realised that the money had been stolen.
The companies (not named by Check Point) reached out to Check Point’s incident response team once they were aware of the theft. After analysing the server logs, emails, and the computers involved in the correspondence between the companies, Check Point uncovered a carefully planned and executed man-in-the-middle attack. Some of the emails between the VC firm and the start-up had been intercepted and modified. Others hadn’t even been written by either organization.