‘London Blue’ hacker group targets 35,000 chief financial officers

A hacker group has compiled a list of 35,000 chief financial officers, some working at the world’s biggest banks and mortgage companies, so it can target them with requests to transfer money.


The “London Blue” hackers are the latest group to focus on “business email compromise” (BEC) campaigns, according to the cyber threat detection company Agari, which found a list of 50,000 targets. Most of the rest of the people on the list were in accounting departments.

Agari has handed its evidence to the US and UK law enforcement agencies. If members of the hacking group are found to be based in the UK and US, it could be easier to prosecute them than in other territories.

Commenting on the rise of BEC campaigns in targeting CFOs and the global threat posed by London Blue, is Tim Sadler, co-founder and CEO at Tessian:

“Business email compromise (BEC) campaigns, like any other strong-form impersonation email attack, seek to defraud an organisation of money or sensitive information by spoofing a trusted individual’s identity and hijacking their relationship with an unsuspecting colleague in order to reveal the necessary information.


In this case, the unsuspecting individuals are CFOs at globally renowned financial institutions. As Agari’s research highlights, high profile and C-level employees of financial institutions are becoming increasingly popular targets of BEC scams because they have access to lucrative data and have the power to authorise high-value money transfers. The Pathé incident from a few weeks, in which 19 million euros was stolen after the company’s CFO was duped by a BEC email scam, also emphasises how effective, and costly, these attacks can be.


It is clear that no employee, regardless of seniority, is safe from the threat of spear-phishing. As long as a willing attacker can gain access to the requisite information, and email networks remain open and unprotected, they can effectively masquerade as an employee in order to exploit those that have the power to manage and release company funds. With access to global contact lists and a deftness for strong-form impersonation methods, London Blue have the resources and know-how to extract money at a great scale.”