{"id":7683,"date":"2025-09-30T17:21:11","date_gmt":"2025-09-30T11:51:11","guid":{"rendered":"https:\/\/shreshtait.com\/blog\/?p=7683"},"modified":"2025-09-30T21:14:38","modified_gmt":"2025-09-30T15:44:38","slug":"sbi-crypto-investment-campaign","status":"publish","type":"post","link":"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/","title":{"rendered":"SBI Crypto Investment Campaign"},"content":{"rendered":"\n<p><a href=\"https:\/\/shreshtait.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Shreshta Threat Research<\/a> has uncovered an SBI crypto investment campaign targeting cryptocurrency users across Japan, Vietnam, South Korea, China, Thailand, and the United Kingdom.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-executive-summary\">Executive Summary<\/h2>\n\n\n\n<p><a href=\"https:\/\/www.sbinvestment.co.jp\/en\/\" target=\"_blank\" rel=\"noreferrer noopener\">SBI Investment Co., Ltd<\/a> is the core company in the SBI Group&#8217;s Investment Business. It is one of the leading venture capital firms in Japan.<\/p>\n\n\n\n<p>Initial domain-level indicators suggest a broader operation, leveraging professionally crafted lookalike websites impersonating SBI Investment Co., Ltd.<\/p>\n\n\n\n<p>These scams impersonate well-known platforms, leverage scalable systems, and employ sophisticated tactics. 
As a result, victims suffer financial losses while the platforms themselves face reputational damage.<\/p>\n\n\n\n<p>Sign up for our <a href=\"https:\/\/shreshtait.com\/blog\/#newsletter\">newsletter<\/a> to receive the latest cyber threats and research.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-key-findings\">Key Findings<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Impersonation &amp; Deception<\/strong> \u2013 The threat actors imitate trusted exchange platforms and use domain-name keywords that resemble the name of the targeted company to gain trust (Figure 1.1).<\/li>\n\n\n\n<li><strong>Credential &amp; Identity Theft<\/strong> \u2013 Extraction of login credentials and PII such as username, email and passwords, along with ID front, ID back and ID handheld photos requested for loan assistance<\/li>\n\n\n\n<li><strong>Client-Side Exploitation<\/strong> \u2013 Hijacking of wallet transactions in the browser<\/li>\n\n\n\n<li><strong>Regional Targeting<\/strong> \u2013 The main focus of the threat actors is on East Asian countries and the United Kingdom<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"623\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-1-2-1024x623.png\" alt=\"Phishing website impersonating SBI Investment Co., Ltd\" class=\"wp-image-7737\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-1-2-1024x623.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-1-2-300x182.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-1-2-768x467.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-1-2.png 1199w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.1 Phishing site impersonating the SBI crypto exchange platform<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-techniques-used\"><strong>Techniques Used<\/strong><\/h3>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>The subdomains all share the same hostname (\u201ch5\u201d) and use platform keywords such as sbikeno, sbiklo, sbi-hot-online, sbi-root-online, sbi-smart-online. In this analysis we use the keywords related to the SBI crypto investment campaign (Figures 1.1, 1.2, 1.3, 1.4, 1.5).<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Bare domain access returns &#8220;400\u202fBad\u202fRequest&#8221; (nginx) to enforce subdomain routing, and the sites use Fully Qualified Domain Name URLs to route the traffic (Figure 1.6).<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Brand Impersonation<br><\/li>\n\n\n\n<li>Spoofed logos placed at the top-left of each homepage (see Figures 1.1, 1.2, 1.3, 1.4, 1.5) for recognition and to gain user trust.<br><\/li>\n\n\n\n<li>Usage of other trusted and branded company logos to show them as partners in DeFi mining, to gain users&#8217; trust to invest in DeFi<br>(Figure 1.7)<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Real-time ROI calculators to imitate real exchange platforms<br>(Figure 1.8)<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Credential &amp; PII Theft<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Fake login and PII harvest:<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Username, email addresses &amp; mobile numbers (Figures 1.9, 1.10 and 1.11)<br><\/li>\n\n\n\n<li>Account passwords<br><\/li>\n\n\n\n<li>ID document scans (front, back, and handheld ID) (Figure 1.12)<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Wallet Hijacking<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>All portals load an externally hosted JavaScript file (1.js) from hw[.]rangwodf[.]cc (Figure 1.13)<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>On devices running Windows OS, it intercepts BTC\/ETH\/TRC20 wallet fields for deposit and withdrawal and silently replaces them with attacker-controlled addresses<\/li>\n<\/ul>\n\n\n\n<p>Code snippet 1 illustrates the behavior 
on Windows systems, while Code snippet 2 demonstrates the behavior on non-Windows systems.<\/p>\n\n\n\n<p><strong>Windows Users \u2013 Code Snippet 1<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"64\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/image-1024x64.png\" alt=\"Javascript code snippet showing behavior on Windows OS\" class=\"wp-image-7724\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/image-1024x64.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/image-300x19.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/image-768x48.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/image.png 1400w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>Non-Windows Users \u2013 Code Snippet 2<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"686\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/code-snippet-2-1024x686.png\" alt=\"Javascript code snippet showing behavior on non-Windows OS\" class=\"wp-image-7725\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/code-snippet-2-1024x686.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/code-snippet-2-300x201.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/code-snippet-2-768x515.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/code-snippet-2.png 1400w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>Deceptive investment schemes<\/strong><\/p>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>Victims were shown banners and messages promoting a fake \u201cUSDT Smart Contract\u201d investment with:\n<ul class=\"wp-block-list\">\n<li><strong>3% fixed return in 30 days<\/strong><\/li>\n\n\n\n<li><strong>Minimum investment of 10,000 USDT<\/strong><\/li>\n\n\n\n<li><strong>Maximum cap of 5,000,000 USDT<\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The investment was positioned as a time-limited DeFi staking or mining opportunity (Figure 1.14).<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"630\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-2-8-1024x630.png\" alt=\"Phishing website impersonating SBI Investment Co., Ltd\" class=\"wp-image-7746\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-2-8-1024x630.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-2-8-300x184.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-2-8-768x472.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-2-8.png 1184w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.2 Phishing site-2 imitating crypto exchange platform<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"635\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-3-1-1024x635.png\" alt=\"Phishing website impersonating SBI Investment \" class=\"wp-image-7751\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-3-1-1024x635.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-3-1-300x186.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-3-1-768x476.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-3-1.png 1192w\" sizes=\"auto, (max-width: 1024px) 100vw, 
1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.3 Phishing site-3 imitating crypto exchange platform<br><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"626\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-4-1024x626.png\" alt=\"Phishing website impersonate SBI Investment \" class=\"wp-image-7753\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-4-1024x626.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-4-300x184.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-4-768x470.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-4.png 1195w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.4 Phishing site-4 imitating crypto exchange platform<br><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"621\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-5-1024x621.png\" alt=\"Phishing website impersonate SBI Investment \" class=\"wp-image-7755\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-5-1024x621.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-5-300x182.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-5-768x466.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-5.png 1205w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.5 Phishing site-5 imitating crypto exchange platform<br><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"625\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-6-1024x625.png\" alt=\"HTTP 400 Bad Request on direct access to phishing website\" class=\"wp-image-7757\" 
srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-6-1024x625.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-6-300x183.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-6-768x469.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-6.png 1194w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.6 Access to the main domain returns a 400\u202fBad\u202fRequest (nginx) <\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"623\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-7-1024x623.png\" alt=\"SBI Investment phishing website with logos of Coinbase, Metamask etc\" class=\"wp-image-7759\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-7-1024x623.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-7-300x182.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-7-768x467.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-7.png 1199w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.7 Usage of trusted and branded company logos to show them as partners in DeFi mining.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"625\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-8-1024x625.png\" alt=\"SBI Investment phishing website with real-time ROI calculators and graphs\" class=\"wp-image-7761\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-8-1024x625.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-8-300x183.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-8-768x469.png 768w, 
https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-8.png 1197w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.8  Real-time ROI calculators to imitate real exchange platforms<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"624\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-9-1024x624.png\" alt=\"SBI Investment phishing website login page\" class=\"wp-image-7763\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-9-1024x624.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-9-300x183.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-9-768x468.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-9.png 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.9 Fake login and PII harvest<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"621\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-10-1024x621.png\" alt=\"SBI Investment phishing website login page\" class=\"wp-image-7765\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-10-1024x621.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-10-300x182.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-10-768x466.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-10.png 1204w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.10 Fake login and PII harvest<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"617\" 
src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-11-1024x617.png\" alt=\"SBI Investment phishing website login page\" class=\"wp-image-7767\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-11-1024x617.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-11-300x181.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-11-768x463.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-11.png 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.11 Fake login and PII harvest<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"627\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-12-1024x627.png\" alt=\"SBI Investment phishing website KYC page\" class=\"wp-image-7769\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-12-1024x627.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-12-300x184.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-12-768x470.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-12.png 1194w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.12 ID document scans (front, back, and handheld ID)<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"554\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-13-1024x554.png\" alt=\"SBI Investment phishing website javascript code \" class=\"wp-image-7772\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-13-1024x554.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-13-300x162.png 300w, 
https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-13-768x415.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-13.png 1204w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.13 Externally hosted<strong> <\/strong>JavaScript code<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"617\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-14-1024x617.png\" alt=\"SBI Investment phishing website with promised returns\" class=\"wp-image-7774\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-14-1024x617.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-14-300x181.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-14-768x463.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/fig1-14.png 1205w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.14 The investment positioned as a time-limited DeFi staking or mining opportunity.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-conclusion\"><strong>Conclusion<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In the SBI crypto investment campaign, our threat research team has detected more than a dozen phishing websites which were deployed using consistent subdomain naming and domain structure.<\/li>\n\n\n\n<li>Direct access to the root domain triggered 400 Bad Request responses, indicating virtual host enforcement.<\/li>\n\n\n\n<li>Victims submitted:\n<ul class=\"wp-block-list\">\n<li>Email and mobile number<\/li>\n\n\n\n<li>Login password and transaction PIN<\/li>\n\n\n\n<li>ID photos: front, back, and selfie with ID in hand<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The injected script located wallet fields (BTC, ETH, TRC20) and silently replaced them with attacker-controlled 
addresses.<\/li>\n\n\n\n<li>Fake investment terms were displayed through smart contract banners and on-boarding pages, designed to simulate legitimate staking portals.<\/li>\n\n\n\n<li>An identified Bitcoin (BTC) wallet address, bc1q7fjfm0zay537xwkyd5deeyqjrwmjfhz3mcq2hp, served as a collection point, receiving victim deposits and then transferring funds to other wallets or suspected<\/li>\n\n\n\n<li>Input Trace: This visualization (Figure 1.15) shows funds flowing <em>into<\/em> the wallet from diverse victim sources.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"522\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/09\/fig1-15-1024x522.png\" alt=\"Input trace of the crypto transaction on the blockchain\" class=\"wp-image-7777\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/09\/fig1-15-1024x522.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/09\/fig1-15-300x153.png 300w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/09\/fig1-15-768x391.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/09\/fig1-15.png 1291w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.15 Input trace<\/p>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Output Trace: This visualization (Figure 1.16) shows funds flowing <em>out of<\/em> the wallet, detailing dispersal patterns.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"520\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/sbi16-1024x520.png\" alt=\"Output trace of the crypto transaction on the blockchain\" class=\"wp-image-7722\" srcset=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/sbi16-1024x520.png 1024w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/sbi16-300x152.png 300w, 
https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/sbi16-768x390.png 768w, https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/08\/sbi16.png 1293w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Figure 1.16 Output Trace<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-delivery-amp-infection-workflow\">Delivery &amp; Infection Workflow<\/h2>\n\n\n\n<p>1. Victim clicks subdomain.domain.tld\/# link<br>2. Site prompts for email \u2192 sends Gmail OTP<br>3. Victim submits credentials, ID photos, wallet address<br>4. 1.js executes before submission and swaps address (Windows OS only)<br>5. Funds arrive in attacker\u2019s wallet, withdrawal UI is fake<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-fraud-kill-chain-mapping\"><a href=\"https:\/\/www.fraudkillchain.com\/explore\/\" target=\"_blank\" rel=\"noreferrer noopener\">Fraud Kill Chain Mapping<\/a><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td>Stage<\/td><td>Description<\/td><td>Observed TTPs<\/td><\/tr><tr><td>Delivery<\/td><td>Victim lands on phishing page<\/td><td>subdomain.domain.tld\/# URLs<\/td><\/tr><tr><td>Deception<\/td><td>Fake DeFi UI &amp; referral scheme<\/td><td>\u201cbeez\u201d theme, cloned logos<\/td><\/tr><tr><td>Interaction<\/td><td>Victim submits KYC &amp; wallet data<\/td><td>Email\/OTP + credentials + ID photos<\/td><\/tr><tr><td>Exploitation<\/td><td>Script hijacks deposit<\/td><td>1.js swaps address client-side<\/td><\/tr><tr><td>Monetization<\/td><td>Crypto redirected to attacker<\/td><td>BTC\/TRC20\/ETH wallets<\/td><\/tr><tr><td>Laundering<\/td><td>Off-ramp via mixers\/exchanges<\/td><td>Not observed directly<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-indicators-of-compromise\">Indicators of 
Compromise<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-javascript-hosted-domain\">Javascript hosted domain<\/h3>\n\n\n\n<p>hw[.]rangwodf[.]cc<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-crypto-wallet-address\">Crypto Wallet Address<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-user-agent-windows\"><strong>User agent windows<\/strong><\/h4>\n\n\n\n<p>usdt-trc-TK3skn7HMmiUg8AKGN8AaV5ewLZ3UDYrWD<\/p>\n\n\n\n<p>eth-0xf57c2E8Ec516a78a3872f1670f5E2E3F9136e80E<\/p>\n\n\n\n<p>btc-bc1q7fjfm0zay537xwkyd5deeyqjrwmjfhz3mcq2hp<\/p>\n\n\n\n<p>usdt-erc-0xf57c2E8Ec516a78a3872f1670f5E2E3F9136e80E<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-user-agent-linux\"><strong>User agent linux<\/strong><\/h4>\n\n\n\n<p>trc-TJ9T3aQMRb7ggxg5i2erpj2W1henkV9dsy<\/p>\n\n\n\n<p>eth-0x79C9D40FF57BfaAbc17419a90F4491C55C9dCD46<\/p>\n\n\n\n<p>erc-0x79C9D40FF57BfaAbc17419a90F4491C55C9dCD46<\/p>\n\n\n\n<p>btc-1C3G2DtchhUwYsr74krQdM1mDPbq2BXkTC<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-dns-threat-intelligence-feeds\">DNS Threat Intelligence feeds<\/h2>\n\n\n\n<p>Stay ahead of evolving cyber threats &#8211; explore our <a href=\"https:\/\/shreshtait.com\/dns-threat-intelligence\" target=\"_blank\" rel=\"noreferrer noopener\">DNS Threat Intelligence feeds<\/a> today and protect your digital ecosystem with real-time domain abuse insights.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-further-reading\">Further reading<\/h2>\n\n\n\n<figure 
class=\"wp-block-embed is-type-wp-embed is-provider-dns-security-amp-threat-intelligence-blog-shreshta wp-block-embed-dns-security-amp-threat-intelligence-blog-shreshta\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"zxoVkivwHI\"><a href=\"https:\/\/shreshtait.com\/blog\/2025\/05\/crypto-investment-scams-exploiting-the-tesla-brand\/\">Crypto &amp; Investment scams exploiting the Tesla brand<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; visibility: hidden;\" title=\"&#8220;Crypto &amp; Investment scams exploiting the Tesla brand&#8221; &#8212; DNS Security &amp; Threat Intelligence Blog | Shreshta\" src=\"https:\/\/shreshtait.com\/blog\/2025\/05\/crypto-investment-scams-exploiting-the-tesla-brand\/embed\/#?secret=ot97mT2Mmo#?secret=zxoVkivwHI\" data-secret=\"zxoVkivwHI\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Shreshta Threat Research has uncovered an SBI crypto investment campaign targeting cryptocurrency users across Japan, Vietnam, South Korea, China, Thailand, and the United Kingdom. Executive Summary SBI Investment Co., Ltd is the core company in the SBI Group&#8217;s Investment Business. It is one of the leading venture capital firms in Japan. 
Initial domain level indicators [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":7936,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[42],"tags":[175,180,179,47],"class_list":["post-7683","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threat-intelligence","tag-crypto","tag-japan","tag-sbi-crypto-investment","tag-threat-intelligence"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.0 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SBI Crypto Investment Campaign<\/title>\n<meta name=\"description\" content=\"Shreshta Threat Research exposes sophisticated SBI crypto investment campaign targeting users across Japan, Vietnam, South Korea, and the UK.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SBI Crypto Investment Campaign\" \/>\n<meta property=\"og:description\" content=\"Shreshta Threat Research exposes sophisticated SBI crypto investment campaign targeting users across Japan, Vietnam, South Korea, and the UK.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/\" \/>\n<meta property=\"og:site_name\" content=\"DNS Security &amp; Threat Intelligence Blog | Shreshta\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-30T11:51:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-30T15:44:38+00:00\" \/>\n<meta property=\"og:image\" 
content=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/09\/Subheading.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1788\" \/>\n\t<meta property=\"og:image:height\" content=\"1196\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Shreshta Threat Research\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@shreshta\" \/>\n<meta name=\"twitter:site\" content=\"@shreshtait\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Shreshta Threat Research\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2025\\\/09\\\/sbi-crypto-investment-campaign\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2025\\\/09\\\/sbi-crypto-investment-campaign\\\/\"},\"author\":{\"name\":\"Shreshta Threat Research\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#\\\/schema\\\/person\\\/9ded5f9bd269f3ba4e7ed9d4479a2c4e\"},\"headline\":\"SBI Crypto Investment Campaign\",\"datePublished\":\"2025-09-30T11:51:11+00:00\",\"dateModified\":\"2025-09-30T15:44:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2025\\\/09\\\/sbi-crypto-investment-campaign\\\/\"},\"wordCount\":1005,\"publisher\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2025\\\/09\\\/sbi-crypto-investment-campaign\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/Subheading.webp\",\"keywords\":[\"crypto\",\"japan\",\"SBI crypto investment\",\"threat 
intelligence\"],\"articleSection\":[\"Threat Intelligence\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2025\\\/09\\\/sbi-crypto-investment-campaign\\\/\",\"url\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2025\\\/09\\\/sbi-crypto-investment-campaign\\\/\",\"name\":\"SBI Crypto Investment Campaign\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2025\\\/09\\\/sbi-crypto-investment-campaign\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2025\\\/09\\\/sbi-crypto-investment-campaign\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/Subheading.webp\",\"datePublished\":\"2025-09-30T11:51:11+00:00\",\"dateModified\":\"2025-09-30T15:44:38+00:00\",\"description\":\"Shreshta Threat Research exposes sophisticated SBI crypto investment campaign targeting users across Japan, Vietnam, South Korea, and the UK.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2025\\\/09\\\/sbi-crypto-investment-campaign\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2025\\\/09\\\/sbi-crypto-investment-campaign\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2025\\\/09\\\/sbi-crypto-investment-campaign\\\/#primaryimage\",\"url\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/Subheading.webp\",\"contentUrl\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/Subheading.webp\",\"width\":1788,\"height\":1196,\"caption\":\"SBI Crypto Investment 
Campaign\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2025\\\/09\\\/sbi-crypto-investment-campaign\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SBI Crypto Investment Campaign\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/\",\"name\":\"DNS Security &amp; Threat Intelligence Blog | Shreshta\",\"description\":\"DNS Security &amp; Threat Intelligence\",\"publisher\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#organization\",\"name\":\"Shreshta IT Technologies Pvt. Ltd.\",\"alternateName\":\"Shreshta\",\"url\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/Shreshta.svg\",\"contentUrl\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/Shreshta.svg\",\"width\":330,\"height\":76,\"caption\":\"Shreshta IT Technologies Pvt. 
Ltd.\"},\"image\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/shreshtait\",\"https:\\\/\\\/infosec.exchange\\\/@shreshta\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/shreshta\\\/\"],\"description\":\"DNS security and threat intelligence company providing real-time threat protection for organizations worldwide. Our solutions include DNS Shield (Protective DNS), DNS Watchtower (Passive DNS), and comprehensive threat intelligence feeds. Trusted by enterprises to detect, prevent, and investigate cyber threats at the DNS layer.\",\"email\":\"sales@shreshtait.com\",\"legalName\":\"Shreshta IT Technologies Pvt. Ltd.\",\"foundingDate\":\"2014-01-22\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"11\",\"maxValue\":\"50\"},\"publishingPrinciples\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/blog\\\/\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#\\\/schema\\\/person\\\/9ded5f9bd269f3ba4e7ed9d4479a2c4e\",\"name\":\"Shreshta Threat Research\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/shreshta_logo.jpeg\",\"url\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/shreshta_logo.jpeg\",\"contentUrl\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/shreshta_logo.jpeg\",\"caption\":\"Shreshta Threat Research\"},\"sameAs\":[\"https:\\\/\\\/shreshtait.com\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/shreshta\\\/\",\"https:\\\/\\\/x.com\\\/shreshta\",\"https:\\\/\\\/infosec.exchange\\\/@shreshta\"],\"url\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/author\\\/soc\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"SBI Crypto Investment Campaign","description":"Shreshta Threat Research exposes sophisticated SBI crypto investment campaign targeting users across Japan, Vietnam, South Korea, and the UK.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/","og_locale":"en_US","og_type":"article","og_title":"SBI Crypto Investment Campaign","og_description":"Shreshta Threat Research exposes sophisticated SBI crypto investment campaign targeting users across Japan, Vietnam, South Korea, and the UK.","og_url":"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/","og_site_name":"DNS Security &amp; Threat Intelligence Blog | Shreshta","article_published_time":"2025-09-30T11:51:11+00:00","article_modified_time":"2025-09-30T15:44:38+00:00","og_image":[{"width":1788,"height":1196,"url":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/09\/Subheading.webp","type":"image\/webp"}],"author":"Shreshta Threat Research","twitter_card":"summary_large_image","twitter_creator":"@shreshta","twitter_site":"@shreshtait","twitter_misc":{"Written by":"Shreshta Threat Research","Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/#article","isPartOf":{"@id":"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/"},"author":{"name":"Shreshta Threat Research","@id":"https:\/\/shreshtait.com\/blog\/#\/schema\/person\/9ded5f9bd269f3ba4e7ed9d4479a2c4e"},"headline":"SBI Crypto Investment Campaign","datePublished":"2025-09-30T11:51:11+00:00","dateModified":"2025-09-30T15:44:38+00:00","mainEntityOfPage":{"@id":"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/"},"wordCount":1005,"publisher":{"@id":"https:\/\/shreshtait.com\/blog\/#organization"},"image":{"@id":"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/09\/Subheading.webp","keywords":["crypto","japan","SBI crypto investment","threat intelligence"],"articleSection":["Threat Intelligence"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/","url":"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/","name":"SBI Crypto Investment Campaign","isPartOf":{"@id":"https:\/\/shreshtait.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/#primaryimage"},"image":{"@id":"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/09\/Subheading.webp","datePublished":"2025-09-30T11:51:11+00:00","dateModified":"2025-09-30T15:44:38+00:00","description":"Shreshta Threat Research exposes sophisticated SBI crypto investment campaign targeting users across Japan, Vietnam, South Korea, and the 
UK.","breadcrumb":{"@id":"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/#primaryimage","url":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/09\/Subheading.webp","contentUrl":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2025\/09\/Subheading.webp","width":1788,"height":1196,"caption":"SBI Crypto Investment Campaign"},{"@type":"BreadcrumbList","@id":"https:\/\/shreshtait.com\/blog\/2025\/09\/sbi-crypto-investment-campaign\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/shreshtait.com\/blog\/"},{"@type":"ListItem","position":2,"name":"SBI Crypto Investment Campaign"}]},{"@type":"WebSite","@id":"https:\/\/shreshtait.com\/blog\/#website","url":"https:\/\/shreshtait.com\/blog\/","name":"DNS Security &amp; Threat Intelligence Blog | Shreshta","description":"DNS Security &amp; Threat Intelligence","publisher":{"@id":"https:\/\/shreshtait.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/shreshtait.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/shreshtait.com\/blog\/#organization","name":"Shreshta IT Technologies Pvt. 
Ltd.","alternateName":"Shreshta","url":"https:\/\/shreshtait.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/shreshtait.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2023\/03\/Shreshta.svg","contentUrl":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2023\/03\/Shreshta.svg","width":330,"height":76,"caption":"Shreshta IT Technologies Pvt. Ltd."},"image":{"@id":"https:\/\/shreshtait.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/shreshtait","https:\/\/infosec.exchange\/@shreshta","https:\/\/www.linkedin.com\/company\/shreshta\/"],"description":"DNS security and threat intelligence company providing real-time threat protection for organizations worldwide. Our solutions include DNS Shield (Protective DNS), DNS Watchtower (Passive DNS), and comprehensive threat intelligence feeds. Trusted by enterprises to detect, prevent, and investigate cyber threats at the DNS layer.","email":"sales@shreshtait.com","legalName":"Shreshta IT Technologies Pvt. 
Ltd.","foundingDate":"2014-01-22","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"11","maxValue":"50"},"publishingPrinciples":"https:\/\/shreshtait.com\/blog\/blog\/"},{"@type":"Person","@id":"https:\/\/shreshtait.com\/blog\/#\/schema\/person\/9ded5f9bd269f3ba4e7ed9d4479a2c4e","name":"Shreshta Threat Research","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2024\/10\/shreshta_logo.jpeg","url":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2024\/10\/shreshta_logo.jpeg","contentUrl":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2024\/10\/shreshta_logo.jpeg","caption":"Shreshta Threat Research"},"sameAs":["https:\/\/shreshtait.com","https:\/\/www.linkedin.com\/company\/shreshta\/","https:\/\/x.com\/shreshta","https:\/\/infosec.exchange\/@shreshta"],"url":"https:\/\/shreshtait.com\/blog\/author\/soc\/"}]}},"_links":{"self":[{"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/posts\/7683","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/comments?post=7683"}],"version-history":[{"count":113,"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/posts\/7683\/revisions"}],"predecessor-version":[{"id":7942,"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/posts\/7683\/revisions\/7942"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/media\/7936"}],"wp:attachment":[{"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/media?parent=7683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/categories?post=7683"},{"taxonomy":"post_tag","
embeddable":true,"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/tags?post=7683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}