Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Phantom Phishing: The Rise of PoisonSeed Attacks




A new phishing campaign, dubbed PoisonSeed, uses compromised CRM and bulk email accounts to run cryptocurrency seed phrase poisoning attacks: recipients are handed a recovery phrase the attackers already hold, and any wallet restored from it can be drained. The campaign targets enterprise organizations and individuals outside the cryptocurrency industry, while the spam itself impersonates prominent companies such as Coinbase and Ledger.

The attackers use phishing kits to trick high-value targets into handing over credentials for their CRM and bulk email provider accounts, then use that access to create API keys. The keys persist even after the stolen password is reset, because a password reset does not revoke them. The compromised accounts are then used to send spam containing cryptocurrency seed phrases, so the messages arrive from a legitimate CRM or bulk email sender.
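Why a mailed seed phrase is enough to empty a wallet, as an added example that is not part of the original article or of Silent Push's research: a BIP39 recovery phrase is the entire secret, so whoever wrote the phrase into the email can derive the same keys as the victim who imports it. The email body below is constructed for this example (it uses the standard BIP39 test mnemonic, not a live wallet), and the line-based filter for phrase-bearing mail is a heuristic of this example, not a published detection rule.

```python
import hashlib
import hmac
import re
import unicodedata

# Constructed phishing lure, modelled on the page's description (not a real
# PoisonSeed message): the sender supplies the recovery phrase. The phrase is
# the standard BIP39 test mnemonic, not a live wallet.
SAMPLE_EMAIL_BODY = """\
Important: migrate your Coinbase Wallet before April 30.
Open the app, choose "Import existing wallet" and enter this recovery phrase:

abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about

Then move your funds into the new wallet to complete the migration.
"""

BIP39_LENGTHS = {12, 15, 18, 21, 24}


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed derivation: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic'
    plus the optional passphrase, both NFKD-normalised. The 64-byte result is
    the only secret a wallet needs; there is no per-user component."""
    words = " ".join(mnemonic.lower().split())  # normalise case and whitespace
    password = unicodedata.normalize("NFKD", words).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master_key(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32 root: HMAC-SHA512 keyed with 'Bitcoin seed'; the left half is the
    master private key, the right half the chain code. Every address the wallet
    ever shows is derived from these two values."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def attacker_controls_wallet(phrase_in_email: str, phrase_victim_typed: str) -> bool:
    """True when the phrase the victim imported derives the same master key as
    the phrase the sender already holds, i.e. the sender is a co-owner."""
    return bip32_master_key(mnemonic_to_seed(phrase_in_email)) == \
        bip32_master_key(mnemonic_to_seed(phrase_victim_typed))


def find_seed_phrase_candidates(body: str) -> list[str]:
    """Mail-filter heuristic (an assumption of this example, not a standard):
    a line made up solely of 12/15/18/21/24 lowercase words of 3-8 letters is
    reported as a candidate recovery phrase. A production check would also
    verify every word against the BIP39 wordlist and the checksum bits."""
    found = []
    for line in body.splitlines():
        words = line.strip().split()
        if len(words) in BIP39_LENGTHS and all(re.fullmatch(r"[a-z]{3,8}", w) for w in words):
            found.append(" ".join(words))
    return found


if __name__ == "__main__":
    for phrase in find_seed_phrase_candidates(SAMPLE_EMAIL_BODY):
        print("candidate phrase:", phrase)
        print("seed:", mnemonic_to_seed(phrase).hex())
        print("sender co-owns wallet:", attacker_controls_wallet(phrase, phrase))
```

The derivation has no input besides the words and an optional passphrase, which is the whole point of the attack: a wallet "set up" from a phrase received by email is a wallet the sender can sweep at any time. The filter is deliberately narrow (whole lines only) so that ordinary prose does not trip it; tighten it with the real wordlist and checksum if you deploy something like it.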

Silent Push assesses PoisonSeed as distinct from Scattered Spider and CryptoChameleon, two threat actors that belong to the broader cybercrime ecosystem known as The Com, and notes that the phishing kit used by PoisonSeed does not resemble the kits used by either of those clusters, which leaves its origin and intentions open.

This article summarizes what is known about the PoisonSeed campaign, including its tactics, techniques, and procedures (TTPs), and what it means for enterprise organizations and individuals outside the cryptocurrency industry.

  • The PoisonSeed campaign uses compromised CRM and bulk email accounts to run cryptocurrency seed phrase poisoning attacks.
  • The attackers send spam containing a cryptocurrency seed phrase; because it goes out through the compromised account, it appears to come from a legitimate sender.
  • The accounts are taken over with phishing kits, and the attackers create API keys so that their access survives a password reset.
  • Funds are drained from any wallet a victim restores with the mailed phrase, since the attackers hold the same phrase.
  • The campaign targets enterprise organizations and individuals outside the cryptocurrency industry, impersonating companies such as Coinbase and Ledger.
  • Further analysis is needed to determine the full extent of the campaign and its relationship to other phishing kits.



The cybersecurity landscape has seen an increase in phishing attacks aimed at high-value targets, including enterprise organizations and individuals. One such campaign, dubbed PoisonSeed, uses compromised CRM accounts to launch cryptocurrency seed phrase poisoning attacks.

According to a recent analysis by Silent Push, the PoisonSeed campaign sends spam containing cryptocurrency seed phrases to potential victims. Because the messages go out through compromised accounts at CRM and bulk email providers, they appear to come from legitimate senders, which makes them hard for recipients to distinguish from genuine communications.

The attackers use phishing kits to trick high-value targets into providing credentials for those accounts, then create API keys so that their access persists even if the stolen password is reset by its owner. Persistence in the mail account is what lets them keep sending; the theft itself happens later, when a victim restores a wallet with the recovery phrase embedded in the email and moves funds into it, at which point the attackers, who hold the same phrase, transfer the funds out.
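How to find the API keys that outlive a password reset, as an added example that is not part of the original article or of any provider's tooling: the audit trail below is constructed for this example, the event names (`login`, `api_key_created`, `api_key_revoked`, `password_reset`, `audience_exported`, `bulk_send`) are invented, and the ten-minute window is an assumed tuning value. The three checks flag keys that predate the last reset and were never revoked, keys minted right after a login from a never-before-seen IP, and keys from before the reset that are still sending afterwards.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed JSON-lines audit trail for a hypothetical bulk-mail account.
# Event names are invented for this example; real providers use their own
# schemas, so map their fields onto these before running the checks.
SAMPLE_AUDIT_LOG = """\
{"ts": "2025-03-20T08:00:00Z", "account": "marketing@example.com", "action": "login", "ip": "198.51.100.22"}
{"ts": "2025-03-21T08:05:00Z", "account": "marketing@example.com", "action": "api_key_created", "key_id": "key-0a11", "ip": "198.51.100.22"}
{"ts": "2025-03-22T09:00:00Z", "account": "marketing@example.com", "action": "api_key_revoked", "key_id": "key-0a11", "ip": "198.51.100.22"}
{"ts": "2025-03-28T09:02:11Z", "account": "marketing@example.com", "action": "login", "ip": "203.0.113.7"}
{"ts": "2025-03-28T09:03:40Z", "account": "marketing@example.com", "action": "api_key_created", "key_id": "key-7f3a", "ip": "203.0.113.7"}
{"ts": "2025-03-28T09:05:02Z", "account": "marketing@example.com", "action": "audience_exported", "ip": "203.0.113.7"}
{"ts": "2025-03-29T14:10:00Z", "account": "marketing@example.com", "action": "password_reset", "ip": "198.51.100.22"}
{"ts": "2025-03-29T14:11:05Z", "account": "marketing@example.com", "action": "login", "ip": "198.51.100.22"}
{"ts": "2025-03-29T14:12:30Z", "account": "marketing@example.com", "action": "api_key_created", "key_id": "key-1c9e", "ip": "198.51.100.22"}
{"ts": "2025-03-30T03:00:00Z", "account": "marketing@example.com", "action": "bulk_send", "key_id": "key-7f3a", "ip": "192.0.2.55"}
"""


def parse_audit_log(text: str) -> list[dict]:
    """Parse JSON lines into events with timezone-aware timestamps, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def _last_reset(events: list[dict]) -> dict[str, datetime]:
    last = {}
    for ev in events:
        if ev["action"] == "password_reset":
            last[ev["account"]] = ev["ts"]
    return last


def keys_surviving_password_reset(events: list[dict]) -> list[str]:
    """API keys created before the account's latest password reset and never
    revoked. A reset changes nothing about them, so they are exactly the
    credentials a phisher still holds after the owner 'recovers' the account."""
    last_reset = _last_reset(events)
    created, revoked = {}, set()
    for ev in events:
        if ev["action"] == "api_key_created":
            created[ev["key_id"]] = ev
        elif ev["action"] == "api_key_revoked":
            revoked.add(ev["key_id"])
    return sorted(
        key_id for key_id, ev in created.items()
        if key_id not in revoked
        and ev["account"] in last_reset
        and ev["ts"] < last_reset[ev["account"]]
    )


def keys_minted_after_new_ip_login(events: list[dict], window: timedelta = timedelta(minutes=10)) -> list[str]:
    """Keys created within `window` of a login from an IP the account had never
    logged in from before: the phish-then-persist sequence described in the text."""
    seen_ips: dict[str, set[str]] = {}
    last_new_ip_login: dict[str, datetime] = {}
    flagged = []
    for ev in events:
        acct = ev["account"]
        if ev["action"] == "login":
            known = seen_ips.setdefault(acct, set())
            if ev["ip"] not in known:
                last_new_ip_login[acct] = ev["ts"]
                known.add(ev["ip"])
        elif ev["action"] == "api_key_created":
            t = last_new_ip_login.get(acct)
            if t is not None and ev["ts"] - t <= window:
                flagged.append(ev["key_id"])
    return flagged


def stale_keys_used_after_reset(events: list[dict]) -> list[str]:
    """Highest-confidence signal: a key that predates the reset is still used
    for sends or exports afterwards, i.e. the attacker is still inside."""
    stale = set(keys_surviving_password_reset(events))
    last_reset = _last_reset(events)
    used = []
    for ev in events:
        key_id = ev.get("key_id")
        if key_id in stale and ev["action"] in {"bulk_send", "audience_exported"} \
                and ev["ts"] > last_reset[ev["account"]] and key_id not in used:
            used.append(key_id)
    return used


if __name__ == "__main__":
    evs = parse_audit_log(SAMPLE_AUDIT_LOG)
    print("revoke (survived reset):      ", keys_surviving_password_reset(evs))
    print("suspicious (new-IP login):    ", keys_minted_after_new_ip_login(evs))
    print("active intrusion (stale used):", stale_keys_used_after_reset(evs))
```

In the sample trail, `key-7f3a` is caught by all three checks: it was minted 89 seconds after the first login from 203.0.113.7, it survived the owner's reset the next day, and it was still sending a day after that. The key the owner created after recovering, `key-1c9e`, is not flagged by any of them. The first check is the one to run unconditionally during response: revoke everything it returns, then re-issue.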

The PoisonSeed campaign appears to target enterprise organizations and individuals outside the cryptocurrency industry, with the spam impersonating prominent companies such as Coinbase and Ledger. Silent Push treats it as distinct from Scattered Spider and CryptoChameleon, which are part of a broader cybercrime ecosystem called The Com, and notes that the phishing kit used by PoisonSeed does not share any similarity with those used by the other two threat clusters.

This raises questions about the origin and intentions of the PoisonSeed campaign. Is it a brand new phishing kit from CryptoChameleon, or a different threat actor that happens to use similar tradecraft? Further analysis is needed to determine the true extent of the campaign and its implications for enterprise organizations and individuals.

Separately, there have been recent reports of a Russian-speaking threat actor using phishing pages hosted on Cloudflare-branded domains to deliver malware that can remotely control infected Windows hosts. The two campaigns are unrelated, but both rely on infrastructure that recipients are inclined to trust, which is why businesses and individuals need to keep their security practices current.

PoisonSeed is one example of how phishing is being used to reach beyond the target's own data: the compromised CRM account is not the end goal but the delivery channel for the poisoned phrase. Understanding that chain points to the practical defenses. An account owner who has been phished should not only reset the password but also revoke every API key, active session and connected integration, and review outbound sending and list exports for the period of the compromise. Recipients should treat any email that supplies a recovery phrase as hostile: a legitimate wallet is set up with a phrase the owner generates locally, never with one received from a sender.

This analysis is based on publicly available information, including reports from security researchers and threat intelligence vendors. The broader picture, including the role that threat actors like Scattered Spider and CryptoChameleon play in ecosystems such as The Com, is still being mapped, and the attribution question for PoisonSeed remains open.

Related Information:
  • https://www.ethicalhackingnews.com/articles/Phantom-Phishing-The-Rise-of-PoisonSeed-Attacks-ehn.shtml
  • https://thehackernews.com/2025/04/poisonseed-exploits-crm-accounts-to.html


  • Published: Mon Apr 7 05:15:05 2025 by llama3.2 3B Q4_K_M
© Ethical Hacking News. All rights reserved.