This Microsoft 365 phishing campaign is using some crafty US government lures
Hackers are allegedly conducting a series of phishing campaigns masquerading as various branches of the US government, including the Department of Labor and the Department of Transportation.
The emails, aimed at government contractors, claim to solicit bids for government projects, but instead direct victims to credential phishing pages.
According to a blog post from cybersecurity firm Cofense, these campaigns have been underway since at least mid-2019.
How did the campaign work?
The campaigns, according to the blog, targeted companies in a variety of sectors, but focused primarily on the energy and professional services sectors, including construction companies.
The attackers likely targeted companies that could credibly receive invitations to bid from the relevant government department.
Worryingly, the researchers said the campaign became more sophisticated over time.
According to Credio, early emails had simpler text with no logos and relatively plain language, while the more recent emails used logos, signature blocks, consistent formatting, and more detailed instructions.
Recent emails also include links to access the PDFs instead of attaching them directly.
Older PDFs had few customization options and all listed the same “edward ambakadederemo” as the author of the document.
The newer PDFs, however, use metadata consistent with the authentic copies of the documents.
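The reused author string gives defenders a simple check for the older lure PDFs. As an added example (not code from Cofense or the original article), the Python below reads the /Author entry from an uncompressed PDF Info dictionary and compares it with that string. The function names and sample bytes are constructed for illustration; object streams, encrypted files and XMP metadata are not parsed, and the newer PDFs with authentic-looking metadata will not match.

```python
import re
# Author string the article says every older lure PDF listed.
REUSED_AUTHOR = "edward ambakadederemo"
_ESC = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f"}

def _read_literal(data, i):
    """Decode a PDF literal string; data[i] is the opening '('."""
    out, depth, i = bytearray(), 1, i + 1
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":
            octal = re.match(rb"[0-7]{1,3}", data[i + 1:i + 4])
            if octal:  # \ddd octal character code
                out.append(int(octal.group(), 8) & 0xFF)
                i += 1 + len(octal.group())
            else:  # \n, \t, ... or an escaped ( ) \ kept as itself
                nxt = data[i + 1:i + 2]
                out += _ESC.get(nxt, nxt)
                i += 2
            continue
        if c == b")" and depth == 1:
            break
        depth += (c == b"(") - (c == b")")
        out += c
        i += 1
    return bytes(out)

def pdf_author(data):
    """Return /Author from an uncompressed Info dictionary, or None."""
    m = re.search(rb"/Author\s*(?:(\()|<([0-9A-Fa-f\s]*)>)", data)
    if m is None:
        return None
    if m.group(1):
        raw = _read_literal(data, m.start(1))
    else:  # hex string; an odd final digit is padded with 0
        hx = re.sub(rb"\s", b"", m.group(2))
        raw = bytes.fromhex((hx + b"0" * (len(hx) % 2)).decode("ascii"))
    if raw.startswith(b"\xfe\xff"):  # UTF-16BE text string
        return raw[2:].decode("utf-16-be", "replace")
    return raw.decode("latin-1")  # approximation of PDFDocEncoding

def is_reused_author(data):
    author = pdf_author(data)
    return author is not None and " ".join(author.lower().split()) == REUSED_AUTHOR

# Constructed samples, not taken from real campaign files.
OLD = b"1 0 obj\n<< /Title (Bid) /Author (Edward  Ambakadederemo) >>\nendobj\n"
HEX = b"<< /Author <" + ("\ufeff" + REUSED_AUTHOR).encode("utf-16-be").hex().encode() + b"> >>"
NEW = b"<< /Author (Constructed Agency Name) >>"
```

A match is a strong signal for the older samples only; a non-match says nothing about whether a PDF is benign.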
Cofense acknowledged that “given the progress seen in every area of the phishing chain, it is likely that the threat actors behind these campaigns will continue to innovate and improve their already credible campaigns”.
The company advised readers that the top priority is making sure employees don’t click malicious links in the first place.
Cofense also recommends that readers make sure employees realize that this need for caution applies equally to attachments and links embedded directly in emails, and that they carefully examine both links and sender information.