This Microsoft 365 phishing campaign uses clever US government lures.

The hackers reportedly carried out a series of phishing campaigns impersonating various departments of the US government, including the Department of Labor and the Department of Transportation.

The emails, intended for government contractors, purport to solicit bids for government projects, but instead lead victims to credential phishing pages.

According to a campaign blog post from cybersecurity firm Cofense, these campaigns have been ongoing since at least mid-2019.

How did the campaign work?

According to the blog, the campaigns targeted companies from a variety of sectors, but were primarily focused on the energy and professional services sectors, including construction companies.

The attackers likely targeted companies that could receive bid invitations from the relevant government department.

Disturbingly, the researchers said the campaign got more advanced over time.

According to Credio, early emails had simpler email bodies with no logos and relatively plain language; however, newer emails used logos, signature blocks, consistent formatting, and more detailed instructions.

Recent emails also include links to access PDF files instead of directly attaching them.

The older PDF files had little customization and all listed the same "Edward Ambakederemo" as the document's author.

But now new PDF files are said to use metadata consistent with true copies of the documents.
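For retro-hunting through archived attachments, the author value reported above for the older PDFs can be checked directly. The following Python sketch is an added example, not Cofense's tooling; the sample documents are constructed, and because the newer PDFs are said to carry realistic metadata, it only helps with the older lures.

```python
import re

# Author value the article reports for the older lure PDFs.
KNOWN_AUTHORS = {"edward ambakederemo"}

# /Author followed by a literal string "(...)" or a hex string "<...>".
AUTHOR_RE = re.compile(
    rb"/Author\s*(?:\(((?:\\.|[^\\()])*)\)|<([0-9A-Fa-f\s]*)>)", re.S)
ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t"}

def decode_text(raw):
    """PDF text strings are UTF-16BE when they start with a BOM."""
    if raw.startswith(b"\xfe\xff"):
        return raw[2:].decode("utf-16-be", errors="replace")
    return raw.decode("latin-1")

def pdf_authors(data):
    """Return every /Author value in the uncompressed parts of a PDF."""
    # Simplification: octal escapes, nested parentheses, XMP metadata and
    # compressed object streams are not handled.
    authors = []
    for m in AUTHOR_RE.finditer(data):
        if m.group(1) is not None:  # literal string: undo backslash escapes
            raw = re.sub(rb"\\(.)",
                         lambda e: ESCAPES.get(e.group(1), e.group(1)),
                         m.group(1), flags=re.S)
        else:  # hex string: drop whitespace, pad odd length with 0
            digits = re.sub(rb"\s", b"", m.group(2)).decode("ascii")
            raw = bytes.fromhex(digits + "0" * (len(digits) % 2))
        authors.append(decode_text(raw))
    return authors

def flag_pdf(data):
    """Return the /Author values that match a known lure author."""
    return [a for a in pdf_authors(data)
            if " ".join(a.lower().split()) in KNOWN_AUTHORS]

# Constructed sample documents (not real campaign files).
NAME = "Edward Ambakederemo"
OLD_LITERAL = b"%PDF-1.4\n1 0 obj\n<< /Title (Invitation for Bid) /Author (" \
    + NAME.encode("latin-1") + b") >>\nendobj\n"
OLD_HEX = b"%PDF-1.4\n1 0 obj\n<< /Author <FEFF" \
    + NAME.encode("utf-16-be").hex().upper().encode("ascii") + b"> >>\nendobj\n"
UNRELATED = b"%PDF-1.4\n1 0 obj\n<< /Author (Procurement Office) >>\nendobj\n"

if __name__ == "__main__":
    for label, doc in [("literal", OLD_LITERAL), ("hex", OLD_HEX), ("unrelated", UNRELATED)]:
        print(label, flag_pdf(doc))
```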

Cofense acknowledged that "given the progress seen in each area of the phishing chain, it is likely that the threat actors behind these campaigns will continue to innovate and improve their already credible campaigns."

The company advised readers to make it a top priority to ensure that employees do not click on malicious links in the first place.

Cofense also advises readers to ensure that employees realize that this need for caution applies to both attachments and links directly embedded in emails. Carefully reviewing links and information about the sender can also be useful here.