A Chilling New Trend: Cybercriminals Now Offer Bitcoin Bounties to Harass Executives
The landscape of corporate cybercrime is evolving in a deeply concerning direction. A new and aggressive tactic has emerged where threat actors are publicly offering cryptocurrency bounties to individuals willing to harass specific corporate executives and employees. This disturbing strategy marks a significant shift from traditional, stealthy hacking methods to brazen, psychological warfare designed to break down an organization’s human defenses.
This new model operates with alarming simplicity. A cybercriminal group posts a target—often a high-level executive, IT administrator, or employee with access to sensitive systems—on a public channel like Telegram. They then offer a payment, typically in Bitcoin, to anyone who will relentlessly bombard the target with phone calls, text messages, and other forms of digital harassment.
The goal isn’t just to cause distress; it’s a calculated step in a larger cyberattack. The primary objective is to pressure, exhaust, or trick the targeted employee into divulging critical security information. This can include:
- Login Credentials: Forcing an employee to give up their username and password.
- Multi-Factor Authentication (MFA) Codes: Annoying a target until they approve a login request or share a one-time code. This is a form of “MFA fatigue” attack.
- SIM Swapping: Gathering enough personal information through intimidation to trick a mobile carrier into transferring the victim’s phone number to a criminal-controlled SIM card.
- Remote Access: Coercing an employee into running software that grants the attacker remote access to their workstation and the corporate network.
This method of crowdsourcing harassment is particularly dangerous because it blurs the line between a digital threat and a real-world personal attack. It moves beyond the screen and directly into an employee’s life, creating immense psychological pressure that can lead to security lapses that would not occur under normal circumstances. This approach is reminiscent of tactics employed by the notorious Lapsus$ extortion group, which successfully used social engineering and insider threats to breach major corporations like Microsoft, Nvidia, and Okta.
How to Protect Your Organization and Executives
This evolution in cyber threats requires a parallel evolution in defensive strategies. Simply relying on firewalls and antivirus software is no longer sufficient. Organizations must adopt a multi-layered approach that protects their most valuable and vulnerable asset: their people.
Here are actionable steps every company should consider implementing immediately:
Educate and Empower Key Personnel: Conduct specialized security awareness training for executives and employees with privileged access. This training must go beyond standard phishing simulations and cover social engineering, harassment tactics, and MFA fatigue. Ensure they know how to recognize and, most importantly, who to report these attacks to without delay.
Enhance Digital Privacy and Hygiene: Encourage executives and key employees to scrub their personal information from the internet. This includes removing personal phone numbers, home addresses, and family details from social media profiles and data broker websites. The less information publicly available, the harder it is for attackers to target them effectively.
Strengthen Authentication Measures: If you are still using simple push-based MFA, it’s time to upgrade. Implement more robust, phishing-resistant authentication methods like FIDO2-compliant hardware security keys (e.g., YubiKey) or MFA systems that require number matching. These methods make it significantly harder for an attacker to succeed even if they have the employee’s password.
Establish Clear Incident Response Protocols: Develop and communicate a clear, simple protocol for what an employee should do the moment they feel they are being targeted. They should know who to contact in the security team 24/7 and be assured that they will be supported, not blamed. A rapid response can be the difference between a failed attempt and a catastrophic breach.
Monitor for Emerging Threats: Proactively monitor dark web forums and public channels where such bounties might be posted. Early intelligence can provide your security team with a crucial heads-up, allowing them to warn and protect potential targets before an attack even begins.
The rise of harassment-for-hire schemes is a stark reminder that cybersecurity is not just a technological challenge but a human one. By preparing for these intensely personal attacks, organizations can build resilience and better protect their data, their assets, and their people from this aggressive new frontier of cybercrime.
Source: https://go.theregister.com/feed/www.theregister.com/2025/10/06/scattered_lapsus_bitcoin_reward/
