To date, the phishing campaign has targeted at least 22 different organizations in the United States, Canada, China, Australia, Sweden and other countries. The phishing emails purport to come from organizations related to the targeted government services. The message content tries to fool victims into opening a link in the email, which requests their username and password.
In essence, victims think they are entering their credentials into an official government site. However, the site is fake and steals the users' credentials. After that, the hackers can gain access to the victim's account.
The campaign was discovered by researchers at the company Anomali. However, experts still do not know who is behind this phishing campaign or what their main motivations are. One hypothesis is that the hackers want to spy on the targeted government services.
Most of the attacks focus on the government services themselves, but there have also been a few attacks on supply companies and logistics companies related to the targets.
The country that has received the most attacks in this campaign is the USA. The main targets of the hackers were the Ministry of Energy, the Ministry of Commerce and the Ministry of Veterans Affairs.
According to investigators, the attackers are doing very careful work. For each of their targets, they send specific emails that fit each service perfectly. In all cases, the phishing emails are written in the native language of the country of the targeted service.
For example, a phishing email targeting the US Department of Commerce says it contains information concerning the tendering of various commercial products and services. At the end, it asks the victim to open a document. This document contains a link that the user is also invited to open. This link leads to a phishing website controlled by the hackers.
The emails, the document and the phishing site are all designed to look authentic. For example, the phishing site is very similar to that of the target organization or company.
Although the source of the phishing campaign is unknown, the domains are hosted in Turkey and Romania. However, the hackers could use any country to host their domains. Anomali's research revealed a total of 62 domains and 122 phishing sites.
Researchers have alerted the relevant CERTs (Computer Emergency Response Teams) about the attacks.
However, there are things that organizations and services can do to protect themselves from this phishing campaign and any other similar attack.
According to researchers, all organizations should stay up to date on current threats in cyberspace and integrate that research into their security infrastructure so they can detect, block, and generally respond immediately to a possible attack.
Security education and awareness are necessary so that employees recognize suspicious phishing emails.
The full list of victims of the phishing campaign and other details can be found in the research document by Anomali.