PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation

· Published 07/04/2025 20:16 · Modified 07/04/2025 22:47

Essential information

Published: 07/04/2025 20:16
Modified: 07/04/2025 22:47
Tags: 2025-04-04 2025-04-07 bulk email coinbase crm cryptocurrency ledger phishing seed phrase poisoning supply-chain
Related entities: 45 observables, 1 intrusion sets (apt), 2 others

Description

A new threat group, dubbed PoisonSeed, is targeting enterprise organizations and individuals outside the cryptocurrency industry. The campaign focuses on phishing CRM and bulk email providers' credentials to export email lists and send bulk spam. The attackers use a seed phrase poisoning attack, providing security seed phrases to trick victims into compromising their wallets. Similarities have been detected between PoisonSeed, Scattered Spider, and CryptoChameleon, but the campaign is being classified separately due to unique characteristics. The attackers have set up phishing pages for prominent CRM and bulk email companies, including Mailchimp, SendGrid, Hubspot, Mailgun, and Zoho. Once credentials are phished, the process of bulk downloading email lists appears to be automated. The campaign also involves spam sent from compromised accounts, including a notable breach of an Akamai SendGrid account.

External references