Activities Align with CryptoChameleon
Recent investigations into cybersecurity threats have led experts to connect the actions of PoisonSeed actors more closely with the CryptoChameleon advanced phishing kit than with the previously identified group, Scattered Spider. This perspective comes from Silent Push, a cybersecurity firm that has been analyzing phishing activities this year.
The domain mailchimp-sso[.]com serves as a pivotal point in these discussions. Initially registered with Porkbun prior to a previous attack, it was transferred on March 24, 2025 to NiceNic, a domain registrar noted for its association with both the Scattered Spider group and CryptoChameleon. This move has led analysts to consider the implications of such registrations for ongoing cyber threats.
Furthermore, the methodology employed by PoisonSeed, particularly their cryptocurrency seed phrase poisoning attacks, does not align with the tactics, techniques, and procedures (TTPs) typically associated with Scattered Spider. Silent Push has continued to observe Scattered Spider’s activities into 2025, with notable targeting of prominent brands like Credit Karma, Forbes, Nike, Louis Vuitton, and Vodafone, highlighting their persistent threat in the landscape of cybercrime.
Source
www.csoonline.com