Actions align with CryptoChameleon
Whereas many menace researchers have linked PoisonSeed actors to Scattered Spider, Silent Push believes the alignment is extra correct with the CryptoChameleon superior phishing package from 2024.
The mailchimp-sso[.]com area, which is the premise of the affiliation made with Scattered Spider, was registered on Porkbun from the earlier assault up till March 24, 2025, when it was re-registered on NiceNic, a registrar of alternative for each Scattered Spider and CryptoChameleon, the analysts identified.
PoisonSeed’s cryptocurrency seed phrase poisoning assault using a provide chain spam operation doesn’t align with Scatter Spider TTPs, which Silent Push tracked as nonetheless lively in 2025 with focused manufacturers together with Credit score Karma, Forbes, Nike, Louis Vuitton, and Vodafone.
