Hackers are reportedly running a series of phishing campaigns impersonating several departments of the US government, including the Department of Labor and the Department of Transportation.
Emails targeting government contractors claim to solicit bids for government projects, but lead victims to credential phishing sites instead.
According to a blog post about the campaign by cybersecurity firm Cofense, these campaigns have been ongoing (opens in new tab) since at least mid-2019.
How did the campaign work?
The campaigns targeted businesses across a range of sectors, according to the blog, but focused mostly on the energy and professional services sectors, including construction firms.
The attackers likely targeted companies that could credibly receive invitations to bid from the relevant government department.
Disturbingly, the researchers said, the campaign became more and more sophisticated as time went on.
According to Credio, early emails had more simplified email bodies without logos and with relatively straightforward language, but the newer emails made use of logos, signature blocks, consistent formatting and more detailed instructions.
Recent emails also include links to access the PDFs instead of attaching them directly.
Older PDFs had little customization and all listed the same “edward ambakederemo” as the author of the document.
But now the newer PDFs are said to use metadata consistent with the authentic copies of the documents.
Cofense acknowledged that “given the advances seen in each area of the phishing chain, it is likely that the threat actors behind these campaigns will continue to innovate and improve their already credible campaigns”.
The firm advised readers to make sure all employees don’t click on malicious links in the first place as a top priority.
Cofense also advises readers to ensure that employees realize that this need for caution applies to attachments as much as it does to links directly embedded in emails, and they should carefully scrutinize both links and sender information can help here as well .
- Can’t prevent your employees from clicking on malicious links? Check out our guide to the best firewalls