Successful Phishing Campaign Targeted Colombian Government Agencies


Blind Eagle (APT-C-36) used the Imminent Monitor remote access trojan (RAT) to upload malware and steal trade secrets from Colombian government agencies last week.

Imminent Monitor allows hackers to control Windows servers remotely as administrative users. APT-C-36 took advantage of this, targeting corporations in the finance and oil industries in Colombia. Qihoo 360 discovered that the attacks started as far back as April 2018, when hackers disguised themselves as the National Cyberpolice and the General Prosecutor’s Office of Colombia. They stole the intellectual property of both governmental agencies and large corporations within Colombia. Hackers used phishing emails to target institutions such as the Colombian Bank of the West.

The rise of espionage attacks

Geopolitically motivated cyber-attacks once went through governmental agencies to achieve their aims. However, tactics are changing. Corporations are now a platform hackers use to reach espionage objectives indirectly. As a result, this form of cyber attack is rising significantly. Phishing is an area in which organisations are extremely vulnerable, and hackers know this. Lack of resources results in staff succumbing to this manipulation, which in turn causes the organisation to fall victim to such attacks.

Palo Alto Networks identified another APT actor, named Windshift, as being behind a series of spear-phishing attacks targeting Middle Eastern government agencies. The attacks occurred between January and May of last year. The usual remote takeover and extraction of credentials and files took place.

DarkMatter, the researchers who discovered Windshift, noticed that it targeted specific individuals, similar to Bahamut. Bahamut was yet another phishing campaign that targeted the Middle East and South Asia with espionage intent. It surfaced in 2017 and ran propaganda sites. Its attacks consisted of impersonating platform providers, ultimately manipulating users into divulging their passwords. Like Bahamut, Windshift stole credentials pertaining to diplomats and political figures. When researchers discovered Bahamut, they likened it to the Operation Kingphish campaign and linked it to Urpage in the same year.

The similarity in tactics not only emphasises the shift to targeting corporations for trade secrets, it also highlights the way organisations are used to obtain information from nation-state agencies, and vice versa. With APT-C-36, for example, emails were made to look like they came from companies such as Chevron. In the latest attack, hackers impersonated the Tax and Customs Administration to attack the Institute for the Blind. Cyber attacks targeting the Middle East prompted users to reset their passwords for accounts with large corporations, such as Google and Apple iCloud email accounts.

Following 2018 trends and patterns, researchers globally forecast a rise in espionage-related attacks and, in effect, phishing attacks, so this does not come as a surprise.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]