Hackers are reportedly running a series of phishing campaigns impersonating several departments of the United States government, including the Department of Labor and the Department of Transport.
The emails, targeted at government contractors, claim to request bids for government projects but lead victims to credential phishing pages instead.
According to a blog post on the campaign by cybersecurity company Cofense, these campaigns have been ongoing (opens in new tab) since at least mid-2019.
How did the camapaign work?
The campaigns targeted companies across a variety of sectors according to the blog but focused most heavily on the energy and professional services sectors, including construction companies.
The attackers likely targeted companies that could credibly receive invitations to bid from the relevant government department.
Disturbingly, the researchers said that the campaign became increasingly advanced as time went on.
According to Credio, early emails had more simplistic email bodies without logos and with relatively straightforward language, however, the more recent emails made use of logos, signature blocks, consistent formatting, and more detailed instructions.
Recent emails also include links to access the PDFs rather than directly attaching them.
Older PDFs had little customization, and all listed the same “edward ambakederemo” as the author of the document.
But now, the newer PDFs are said to use metadata consistent with the authentic copies of the documents.
Cofense acknowledged that “given the advancements seen in each area of the phishing chain, it is likely the threat actors behind these campaigns will continue to innovate and improve upon their already believable campaigns”.
The firm advised readers to ensure all employees do not click malicious links in the first place as the main priority.
Cofense also advises readers to ensure employees realize this need for caution applies to attachments just as much as it does to links directly embedded in emails, and they should carefully examine both links and sender information can also help here.
- Can't stop your employees from clicking on malicious links? Check out our guide to the best firewalls
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba