For less than 30 minutes, hackers took over and defaced Donald Trump’s campaign website. The incident took place against the backdrop of heightened scrutiny of possible digital interference with the presidential election. The hackers appear to have been cryptocurrency scammers looking to fleece cryptocurrency from unsuspecting visitors to the Trump campaign website.
The hackers defaced the website donaldjtrump.com with a fake FBI notice that read in part: “This site was seized.” The hackers claimed to have gained access to Trump’s private communications and found evidence of wrongdoing. They provided no evidence to support that claim.
Visitors were given two cryptocurrency wallet addresses: one for those who wanted the supposed evidence made public, and one for those who did not. Payments were to be sent in Monero, an easy-to-send but hard-to-track digital currency. The payments would effectively serve as votes on whether the hackers should release the private communications they claimed to have.
The cybercriminals claimed that the private communications they had obtained explained the origin of the coronavirus. They claimed to be exposing Trump’s lies, stating in broken English:
“the world has had enough of the fake-news spreaded daily by president donald j trump. it is time to allow the world to know truth.”
This hack followed a common cybercriminal script: gain access to a high-visibility platform, such as a celebrity’s Twitter account, and then use the often brief window of exposure to convince as many people as possible to irreversibly send cryptocurrency to a hard-to-track digital address.