Hackers are reportedly running a series of phishing campaigns impersonating several departments of the United States government, including the Department of Labor and the Department of Transport.
The emails, targeted at government contractors, claim to request bids for government projects but lead victims to credential phishing pages instead.
According to a blog post on the campaign by cybersecurity company Cofense, these campaigns have been ongoing (opens in new tab) since at least mid-2019.
How did the camapaign work?
The campaigns targeted companies across a variety of sectors according to the blog but focused most heavily on the energy and professional services sectors, including construction companies.
The attackers likely targeted companies that could credibly receive invitations to bid from the relevant government department.
Disturbingly, the researchers said that the campaign became increasingly advanced as time went on.
According to Credio, early emails had more simplistic email bodies without logos and with relatively straightforward language, however, the more recent emails made use of logos, signature blocks, consistent formatting, and more detailed instructions.
Recent emails also include links to access the PDFs rather than directly attaching them.
Older PDFs had little customization, and all listed the same “edward ambakederemo” as the author of the document.
But now, the newer PDFs are said to use metadata consistent with the authentic copies of the documents.
Cofense acknowledged that “given the advancements seen in each area of the phishing chain, it is likely the threat actors behind these campaigns will continue to innovate and improve upon their already believable campaigns”.
The firm advised readers to ensure all employees do not click malicious links in the first place as the main priority.
Cofense also advises readers to ensure employees realize this need for caution applies to attachments just as much as it does to links directly embedded in emails, and they should carefully examine both links and sender information can also help here.
- Can't stop your employees from clicking on malicious links? Check out our guide to the best firewalls