Phishing attacks are very common nowadays. In the last few months one phishing campaign targeted big organizations that take care of protection human rights. Some of them are Red Crossh, h UNICEF and some of its programs ΟΗΕ (UN World Food and the UN Development).
The attack was discovered by them researchers the company's security Lookout. According to the company, the attack affected the sites and their sites servers of organizations.
It was a long time before the sites that were affected were identified.
None of the phishing sites discovered by Lookout researchers existed at Google Safe Browsing, a database that contains malicious links and helps the web browsers to warn users. Therefore, the users they will not be notified if they visit any of these sites.
Researchers contacted the organizations to inform them of the attacks. They also notified law enforcement agencies.
A UN spokesman says the organization is advising members to activate control multi-factor identity.
Who is behind these attacks?
Researchers said this is not yet known. It could be a typical phishing campaign by a criminal group or come from hacking groups that act in the interests of governments.
"We can not say for sure where it came from," said Jeremy Richards, lead researcher at Lookout.
"The motive for the attack is to violate them credentials Okta and Microsoft accounts to access them. "Once they gain access, hackers can attack or steal information."
One member of one of these organizations stated that hackers often target such organizations.
A lot governments pay hacking teams to attack human rights organizations for stealing information about investigations, tracking people reporting incidents to organizations, or obtaining information on members of organizations.
But it is not just the governments that target these organizations. Such attacks are carried out by hackers who have financial incentives (eg BEC scammers, who breach accounts to steal money).
Η Phishing campaign is underway
According to researchers, the campaign is still ongoing. The servers that host the phishing pages are active. Phishing pages contain malicious code, which logs members' passwords.
In the table below you can see the pages that were affected by the attack:
Greek
Chinese (Simplified)
English
Greek
Russian