Proofpoint tracks multiple threats known as Sha Zhu Pan, or “Pig Butchering” threats. These are confidence-based threats similar to romance scams. The threat actors lure a victim into depositing cryptocurrency into a fake cryptocurrency exchange. The threat actor steals the money. These threats are typically managed by a large industry of professional fraud actors. They can be initiated on dating apps, or social media platforms, or via text messages. Proofpoint researchers have spent the last three months engaged with numerous threat actors and developed detections to combat this growing threat. Based on our interactions the threat actors do little, if any, reconnaissance in the target selection phase Threat actors are trained to not click links. All attempts to send them tracking links were met with rebuke and often resulted in being blocked.
ADVERSARY: Pig Butchering
ATT&CK ID: T1566 - Phishing