Password Stealing hacking Campaign

A mysterious new phishing campaign is targeting government departments and related business services around the world in cyberattacks that aim to steal the login credentials from victims.

In total, the phishing attacks have targeted at least 22 different potential victim organisations in countries including the United States, Canada, China, Australia, Sweden and more. All of the attacks involve emails claiming to be related to the targeted government agencies and all of them attempt to trick victims into clicking an email link that asks for their username and password.

Anyone who enters their login credentials into the spoofed government agency websites will give cyber criminals access to their account.

The campaign has been discovered and detailed by cybersecurity researchers at Anomali; but while it’s clear a lot of work has gone into what researchers describe as a ‘persistent’ campaign, it’s unclear who is behind the attacks or what their ultimate motivations are. It could be an effort to conduct corporate espionage.

“It could be that the adversaries are trying to gain access to potential bidders to undercut the competition or to compromise government suppliers for more long-term gain,” Sara Moore, cyber-threat intelligence analyst at Anomali, told ZDNet.

The majority of the attacks focus on government departments, but a small percentage also target procurement and logistics firms related to the targets.

Leave a Reply

%d bloggers like this: