Researchers have uncovered a new form of social engineering attack targeting organizations in Germany, Italy, and the US by delivering malicious payloads with finance-related lures in local languages.
According to cybersecurity vendor Proofpoint, the email phishing campaigns, discovered between October 16 and November 12, impersonate the German Federal Ministry of Finance and the Italian Ministry of Taxation using malicious Microsoft Word attachments which, when opened, download and install the Maze ransomware payload onto the target’s system.
In addition to luring unsuspecting victims with notifications of tax refunds and law enforcement measures to avoid tax penalties, the threat actor was found to leverage lookalike domains, verbiage, and stolen branding in the emails to increase the chance of social engineering the recipients.
Other phishing emails attempted to deliver malware by spoofing a German internet service provider, 1&1 Internet AG, and the United States Postal Service (USPS) to distribute the IcedID banking Trojan.
Proofpoint researchers said the operations heavily targeted recipients employed in business and IT services, manufacturing, and healthcare verticals.
The campaigns’ consistent use of overlapping techniques, such as the use of .icu domains and similar email addresses for the DNS records of the domains used, has led the researchers to attribute the work to a single actor.
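The overlap described above (.icu registrations plus similar contact addresses in DNS records) can be checked mechanically by a defender. This added example is not from Proofpoint or the original article; it clusters constructed SOA records by TLD and contact mailbox, and the domain names, mailboxes, and the digit-stripping similarity rule are all assumptions.

```python
import re
from collections import defaultdict

# Constructed SOA records in zone-file form; every name here is invented.
SAMPLE_SOA = """\
tax-refund-example.icu. 3600 IN SOA ns1.example.net. dropbox01.mail.example. 1 7200 3600 1209600 3600
post-notice-example.icu. 3600 IN SOA ns1.example.net. dropbox02.mail.example. 1 7200 3600 1209600 3600
isp-billing-example.icu. 3600 IN SOA ns2.example.net. dropbox01.mail.example. 3 7200 3600 1209600 3600
shop.example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 9 7200 3600 1209600 3600
blog-example.icu. 3600 IN SOA ns.example.org. john\\.doe.example.org. 2 7200 3600 1209600 3600
"""

def rname_to_email(rname):
    """SOA RNAME encodes a mailbox: the first unescaped dot stands for '@'."""
    rname = rname.rstrip(".")
    m = re.search(r"(?<!\\)\.", rname)
    if not m:
        return rname.lower()
    local = rname[:m.start()].replace("\\.", ".")
    return f"{local}@{rname[m.end():]}".lower()

def contact_key(email):
    """Assumed similarity rule: ignore digits in the local part."""
    local, _, domain = email.partition("@")
    return re.sub(r"\d+", "", local) + "@" + domain

def parse_soa(text):
    """Yield (owner domain, contact mailbox) for each SOA line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[3].upper() == "SOA":
            yield f[0].rstrip(".").lower(), rname_to_email(f[5])

def cluster_by_contact(text, tld=".icu", min_size=2):
    """Group domains under `tld` that share a similar SOA contact."""
    groups = defaultdict(set)
    for domain, email in parse_soa(text):
        if domain.endswith(tld):
            groups[contact_key(email)].add(domain)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_size}

if __name__ == "__main__":
    for contact, domains in cluster_by_contact(SAMPLE_SOA).items():
        print(contact, "->", ", ".join(domains))
```

A cluster is a lead for an analyst to review, not proof of common ownership, since shared hosting or registrar defaults can produce the same contact mailbox.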
“Although these campaigns are small in volume, at present, they are significant for their abuse of trusted brands, including government agencies, and for their relatively rapid expansion across multiple geographies,” Proofpoint’s Threat Intelligence Lead Christopher Dawson said.
Asked if the phishing attacks could be the work of APT19, APT32, or Cobalt Group, Dawson said the tactics, techniques, and procedures (TTPs) used by the group had no overlap with those of existing actors.
The fact that attackers are able to take advantage of effective tax-themed lures to carry out financially motivated operations underscores the highly targeted nature and evolving sophistication of these campaigns.
“The increasing sophistication of these lures mirrors improved social engineering and a focus on efficiency over quantity appearing in several campaigns globally across the email threat landscape,” the researchers concluded.