Insider threats and some real case examples of 2022

Published by Reza Rafati on

In the last year we have seen multiple cases where cybercriminals try to find people inside companies that are willing to perform an criminal action for some financial funds. On underground forums a lot of offers are placed where criminals state that they have access to an specific company or have an insider like an system administrator that is willing to do some actions. In this Cyberwarzone post on Insider threats we will take a look at some actual Insider Threat cases.

European crypto exchange

Insider admin in European Crypto Exchange

In this specific case, a thread on an cybercrime forum states that the topic starter has a friend in a European crypto exchange. The topic starter explains that his buddy is able to perform manual checks on KYC, and can actually manually approve KYC. The fact that he can manually approve KYC means that accounts that will be used for criminal purposes can be registered easily. The only item needed is the email address that is used for the registration. The email address will then be shared with the insider and the KYC will be accepted without any controls. The picture of this specific thread was shared on Twitter.

Lapsus group

Let’s not forget about the Lapsus ransomware group. These threat actors would actually contact employees of specific companies and would ask them if they would be interested in performing some actions on computer systems. These actions would provide the Lapsus group access to the company network. In return the Lapsus group would share some funds with the insider.

Lapsus group offering 20K in return for some access to ATT, Verizon or T-mobile

Share this information

Reza Rafati

Founder of