Feb 25 2022

Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

Category: Information Security, Malware, Phishing | DISC @ 10:02 am

The CERT of Ukraine (CERT-UA) warned of a spear-phishing campaign targeting Ukrainian armed forces personnel.

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel.

The Ukrainian agency attributes the campaign to the Belarus-linked cyberespionage group tracked as UNC1151.

In mid-January, the government of Kyiv attributed the defacement of tens of Ukrainian government websites to Belarusian APT group UNC1151. Defaced websites were displaying the following message in Russian, Ukrainian and Polish languages.

“Ukrainian! All your personal data has been sent to a public network. All data on your computer is destroyed and cannot be recovered. All information about you stab (public, fairy tale and wait for the worst. It is for you for your past, the future and the future. For Volhynia, OUN UPA, Galicia, Poland and historical areas.” reads a translation of the message.

In November 2021, Mandiant Threat Intelligence researchers linked the Ghostwriter disinformation campaign (aka UNC1151) to the government of Belarus. In August 2020, security experts from FireEye uncovered a disinformation campaign aimed at discrediting NATO by spreading fake news content on compromised news websites. According to FireEye, the campaign, tracked as GhostWriter, has been ongoing since at least March 2017 and is aligned with Russian security interests.

Unlike other disinformation campaigns, GhostWriter doesn’t spread through social networks. Instead, the threat actors behind this campaign abused compromised content management systems (CMS) of news websites or spoofed email accounts to disseminate fake news.

Now Serhiy Demedyuk, deputy secretary of the national security and defence council, told Reuters that the Ukrainian government blamed the UNC1151 APT group. Demedyuk explained that the attacks were carried out to cover for more destructive actions behind the scenes.

The nation-state group is using the compromised accounts to target contacts in the victims’ address books. The attackers’ spear-phishing messages have been sent from email accounts using the domains

 and .

The phishing messages used a classic social engineering technique in the attempt to trick victims into providing their information to avoid the permanent suspension of their email accounts.

The phishing attacks are also targeting Ukrainian citizens, reported the State Service of Special Communications and Information Protection of Ukraine (SSSCIP).

Phishing and Communication Channels: A Guide to Identifying and Mitigating Phishing Attacks

Tags: spear-phishing


Jul 31 2020

Twitter says a spear phishing attack led to the huge bitcoin scam

Category: Hacking, Phishing | DISC @ 2:54 pm

Twitter shared an update in a blog post and tweets Thursday night.

Source: Twitter says a spear phishing attack led to the huge bitcoin scam



Twitter Says It Knows How Hackers Gained Access
https://www.youtube.com/watch?v=ORjCyJUZRN8

What is spear phishing?
https://www.youtube.com/watch?v=fZc2oXfz9Qs






Tags: spear-phishing


Oct 24 2017

10 most clicked phishing email subject lines

Category: Phishing | DISC @ 10:13 am


Ironically, the most successful phishing emails of Q3 2017 told recipients that they had been victims of a data breach.

This finding comes from a report from KnowBe4 that investigated the most effective phishing email subject lines. The report looked at tens of thousands of emails from simulated and custom phishing tests, and discovered that the most clicked subject line was ‘Official Data Breach Notification’.

Phishing subject lines

The top ten most clicked subject lines were:

  1. Official Data Breach Notification
  2. UPS Label Delivery 1ZBE312TNY00015011
  3. IT Reminder: Your Password Expires in Less Than 24 Hours
  4. Change of Password Required Immediately
  5. Please Read Important from Human Resources
  6. All Employees: Update your Healthcare Info
  7. Revised Vacation & Sick Time Policy
  8. Quick company survey
  9. A Delivery Attempt was made
  10. Email Account Updates

KnowBe4 also evaluated phishing email subject lines specifically from social networks. The most clicked subject lines were messages ostensibly from LinkedIn. This is worrying for organisations, as many people link their work email address to their LinkedIn account, and a successful phishing attack could expose the company to a data breach or further phishing emails.

Other common social media phishing emails claimed that someone had attempted to log in to their accounts, that they’d been tagged in a photo or that they’d received free pizza.

“Nearly impossible” for technology to protect you

Commenting on the study, KnowBe4’s chief evangelist and strategy officer, Perry Carpenter, said: “The level of sophistication hackers are now using makes it nearly impossible for a piece of technology to keep an organization protected against social engineering threats. Phishing attacks are smart, personalized and timed to match topical news cycles. Businesses have a responsibility to their employees, their shareholders and their clients to prevent phishing schemes.”

You can take action against targeted phishing attacks by enrolling your staff on ITG Phishing Staff Awareness Course.

This online course shows your staff how phishing works, what to look out for and how to respond when they receive a malicious message. It’s ideal for all employees who use the Internet or email in their day-to-day duties and, as such, it’s delivered in simple terms that everyone in your organisation can understand.









Tags: phishing, phishing countermeasures, spear-phishing


Feb 23 2010

New phishing scams attack with precision

Category: Identity Theft | DISC @ 1:10 pm


Phishing: Cutting the Identity Theft Line

When TippingPoint’s president and chief technology officer, Marc Willebeek-Lemair, received an e-mail from the Federal Trade Commission informing him that a client was filing a complaint against his network security company for overcharges, he was directed to download the complaint – a Microsoft Word file – from an FTC Web page and return the attached form with any questions about the process.

The message, sent in 2008, was an elaborate scam targeting top-level executives.

TippingPoint researchers discovered the sender’s address had been “spoofed” (faked) and the link didn’t lead to the FTC’s Web site. In fact, the document – which looked like an FTC complaint – was infected with a data-stealing Trojan horse. Because the message referred to Willebeek-Lemair by name and no one else in TippingPoint received the message, the company concluded that criminals studied its chain of command and selected their target.

“It specifically said something that a C-level executive would get immediately alarmed about,” said Rohit Dhamankar, director of security research at TippingPoint’s DVLabs.

The message is an example of an increasingly common hacker technique known as spear-phishing, a much more effective and carefully crafted variation of the phishing lures that seek to trick victims into surrendering their private data.

Researchers believe that as spam-filtering technology has improved and people have become savvier at recognizing phishing ploys (such as the classic Nigerian e-mail scam), criminals are now dedicating more time and resources to going after specific groups of individuals. They often trick users into downloading malicious software from infected Web pages or e-mail attachments like Adobe Reader PDFs and Microsoft Office documents.

Carefully planned
In these attacks, the hackers identify specific individuals or groups of people with something in common. To make their attacks more effective, criminals take pains to impersonate credible sources, adorning messages with professional graphics and composing well-written stories to hook their targets.

To personalize the messages and make them more convincing, security researchers believe criminals run simple search queries to find biographical information, including a person’s position within an organization and their responsibilities. Hackers can also learn names of friends.

“This is very easy to do. Google, Facebook, LinkedIn and other sites can provide valuable information about anybody,” Dhamankar said.

The extra homework pays off. The Anti-Phishing Working Group estimates that less than 1 percent of people who receive one of the billions of generic phishing schemes sent every day take the bait. Meanwhile, estimates from several experts place the success rate of these tailored attacks between 25 and 60 percent.

In a 2006 experiment by the department of computer science at Indiana University, researchers sent e-mails with test links to almost 500 students purporting to come from friends with the intent of finding out how many would unwittingly have fallen for a real attack.

Even though researchers placed obvious clues to recognize the test – like prominently displaying the word “phishing” in the phony Web site – 72 percent of respondents gave their user names and passwords away.

“That is a dramatic yield. That’s the power of using the spear,” said Markus Jakobsson, principal scientist at the Palo Alto Research Center and one of the experiment’s authors.

Nilesh Bhandari, product manager at Cisco IronPort Systems’ security technology unit, estimated targeted attacks comprise less than 1 percent of all phishing schemes, but he said criminals intentionally keep the volume low. The fewer of these ploys there are, the more difficult it is for researchers to study and filter them out.

“The challenge is really finding the needle in the haystack,” Bhandari said.

Targeted attacks can go after anyone: from job seekers, gamers and gamblers to military contractors, pro-Tibet activists and people who just happen to live in a geographical area selected by the criminals. Last year, the FBI said that small and medium-size businesses have lost at least $40 million since 2004 to criminal exploits like spear-phishing.

“Most advanced users do not fall for regular phishing but (they) do fall for targeted attacks,” said Mikko Hypponen, chief research officer at Finnish security firm F-Secure. “You get an e-mail from someone you know, talking about real events and pointing to a normal-looking attachment. Would you open it? Of course you would.”

In spear-phishing samples collected by F-Secure, criminals hacked e-mail addresses from the domains of George Washington University, the Washington Post and even the State Department.

Attack on Google
The most notable instance of spear-phishing recently is the January attack on Google that attempted to hack into the Gmail accounts of Chinese human rights activists and steal valuable source data from the search giant and more than 30 other tech companies.

Researchers now know that criminals identified key Google staffers, found out who their friends were and fashioned attacks to lure them to infected Web pages.

“They were all attacked for a particular reason. (The hackers) knew the machines and networks they wanted to access. They knew who was sending e-mails to their targets and who they were receiving them from. It speaks to the reconnaissance they did beforehand,” said David Marcus, director of security research at McAfee Labs.

These types of attacks are particularly dangerous because, as the attack on Google demonstrated, anyone can fall for them.

“In terms of internal security, it’s the weakest link – people who might not be involved with security technology – who fall for these attacks,” Dhamankar said. “If someone was targeting an entire company and sends spear-phishing to all employees, even if one or two people click on that link, (the tactic) succeeds because the criminal has gotten a foothold in the enterprise.”

Dodging the spear
It is difficult to fend off an attack from a crook determined to steal your information, but security experts suggest a few simple precautions that can go a long way:

— Above all, keep your security software up to date.

— If a link is malicious, rolling the cursor over it without clicking sometimes reveals a URL leading to a different address than the one it promises.

— Never share personal information solicited through e-mail. When in doubt, go to the Web site of the organization purporting to send the message instead of clicking on any links.

— Be suspicious of links and attachments sent through e-mail or social networks.

Sources: Cisco Systems and TippingPoint

By Alejandro Martínez-Cabrera: Read more: http://www.sfgate.com




Tags: Anti-Phishing Working Group, Nigerian e-mail scam, spam-filtering, spear-phishing