Researchers from cybersecurity company Anomali have discovered a large-scale phishing campaign against international governments. The phishing emails also reached companies that help with tendering procedures.
According to Silicon Angle, it is possible to attempt to gather information about these tendering procedures. The phishing emails contain information about tenders and bids and are sent to employees of specific government agencies. If an official clicks on a link in the mail, he is taken to a site similar to an existing one. That site requires logging information.
Anomali found the phishing emails in the inboxes of governments of the United States, China, Canada, Australia and Sweden. The domains used for the attack seem to come from Turkey or Romania. But Anomali warns that it is not certain that the phishing group actually originates from those countries.
‘Phishing is becoming increasingly sophisticated’
Therefore, Anomali does not yet know exactly who is behind the campaign, or why. Analyst Sara Moore speculates against ZDNet that this could be industrial espionage or “longer-term plans”.
Anomali concludes that the phishing emails are targeted. Each email contains a ‘bait file’ and is written in the language of the local government.
The bait always has something to do with the work of the specific authority, and the link is hidden in the document. When you keep clicking, you’ll find a page that uses real names and other information to seem reliable.
Researchers from another cybersecurity company, Valimail, therefore call the phishing campaign “a good example of how sophisticated and convincing cyber-attacks are today”. Not all phishing emails contain easily recognisable typo’s.