Date : 2/23/2021 6:50:09 AM
From : "IMMR"
To : "michalko@justice.gov.il"
Subject : USA FinCEN Requests(Scott, Donnaceia)





-------- Forwarded Message --------
Subject: Re: Request for information on mobile device emulators attack
Date: Mon, 22 Feb 2021 17:17:58 -0500
From: USA FinCEN Requests(Scott, Donnaceia) <USA.FinCEN.Requests@egmont.org>
To: IMPA <impa@egmont.org>


Dear Colleagues -

Are the relative subject names available associated with this inquiry?

FinCEN

On 2/22/2021 8:20 AM, IMPA wrote:
Dear colleagues,

It was brought to our attention by the Israeli National Financial CERT (Cyber Emergency Response Team) within the Israeli Ministry of Finance that, during the past months, multiple sources reported a huge automated cyber-attack against financial institutions. It is said that the attack was perpetrated by the use of mobile device emulators, which enabled hackers to steal millions of USD from customers of US and European banks, by getting all needed information from the malware mobile device of the victim.

The Israeli National Financial CERT contacted our colleagues in the US Treasury (in OOCIP and financial-cyber) and they have indicated that FinCEN have some information about the above cyber-attacks. They are interested in receiving any information about this highly important incident, in order to better understand this attack vector and how to better protect the Israeli Financial sector, as well as to learn about new typologies and responses, red flags etc.

We are therefore contacting FinCEN and asking for information and data about the incidents that can be shared with the Israeli financial CERT; specifically, they are interested in attackers' identities and TTPs, account details and TTPs of transactions made, how cash-out was accomplished, the amount of compromised accounts, relevant IOCs and any other significant information.

It should be noted that the Israeli National Financial CERT is not an investigative authority, nor a law enforcement agency; therefore information intended for dissemination to them cannot be classified or for FIU use only, but can be "for official use only". We would be grateful if you can provide us with information that can be disseminated to the Israeli National Financial CERT accordingly.

If such information cannot be provided, or dissemination approval cannot be granted, we would appreciate receiving a version of the information for use by IMPA, for intelligence purposes only.

Many thanks in advance,

IMPA