Kasada’s Q1 2025 Threat Intel Report Uncovers ALTSRUS “Reverse Robin Hood” Fraud Syndicate
NEW YORK & SYDNEY–(BUSINESS WIRE)–Kasada, the pioneers transcending bot management by countering the human minds behind automated threats, today released its Q1 2025 Quarterly Threat Report, calling out a fraud syndicate known as ALTSRUS that has been actively stealing and selling accounts connected to Electronic Benefit Transfer (EBT), pharmacy prescriptions, and consumer rewards programs. The group’s operations have scaled significantly while profiting from those already facing financial hardship.
“While the security world often focuses on protecting high-value assets, groups like ALTSRUS remind us that no target is off-limits,” said Sam Crowther, CEO and founder of Kasada.”
Kasada’s threat intelligence team refers to ALTSRUS as the “Reverse Robin Hood” because of its focus on taking from those who are financially disadvantaged to fuel its own criminal enterprise.
In the first quarter of 2025 alone, ALTSRUS sold more than 220,000 stolen accounts, marking a 2,852% year-over-year increase in activity. The group expanded its fraud campaigns to span 13 industries, illustrating the growing scale and adaptability of modern organized fraud.
“While the security world often focuses on protecting high-value assets, groups like ALTSRUS remind us that no target is off-limits,” said Sam Crowther, CEO and founder of Kasada. “They’re even willing to compromise access to food and critical medications to turn a profit.”
Key Insights from Kasada’s Q1 2025 Quarterly Threat Report
- Account takeover (ATO) remained the most prevalent and impactful type of automated threat throughout Q1.
- Criminal marketplaces hit a peak of nearly 2.5 million stolen accounts for sale, far outpacing other types of listings.
- Webmail services, retail, and social networks accounted for 67% of observed stolen account sales.
- The Quick Service Restaurant (QSR) industry saw a 96% spike in compromised account sales.
- CAPTCHA solver services are being weaponized to passively facilitate criminal activities.
“The tools used to conduct account takeover attacks are now more advanced and widely accessible,” said Nick Rieniets, Field CTO at Kasada. “Our investigations into underground credential stuffing groups reveal the inner workings of this cybercrime ecosystem, exposing gaps in traditional defenses. Organizations need proactive threat intelligence, along with modern anti-automation detection, to strengthen authentication practices beyond just MFA.”
About the Report
Kasada’s Q1 2025 Quarterly Threat Report is based on investigations and analysis conducted by the company’s in-house research team through KasadaIQ for Fraud. The report provides an inside look at the tactics used by ALTSRUS, the latest account takeover attack trends, and the evolving criminal marketplace ecosystem.
Download the full report here.
Full press release here.
The post Kasada’s Q1 2025 Threat Intel Report Uncovers ALTSRUS “Reverse Robin Hood” Fraud Syndicate appeared first on Kasada.
*** This is a Security Bloggers Network syndicated blog from Kasada authored by Maddy Lewis. Read the original post at: https://www.kasada.io/kasadas-q1-2025-threat-intel-report-uncovers-altsrus-reverse-robin-hood-fraud-syndicate/
