Israel Post Impersonated in Ongoing Phishing Campaign Dropping RATs

Israeli Companies Targeted in Sustained Phishing Campaign Impersonating Israel Post

Israeli engineering and telecommunications companies have been targeted in a sustained phishing campaign that convincingly impersonates Israel Post, the country's postal service. The phishing emails are dressed up as missed-delivery notices and carry an HTML link. Clicking the link downloads an .html file in the user's browser; that file in turn drops an ISO image, and the ISO contains an obfuscated Visual Basic script. When run, the script downloads a modified build of the AsyncRAT remote access trojan. The campaign, tracked as Operation Red Deer, was first spotted in April 2022 and was seen again as recently as last month, when the same malware build and the same SSL certificate were reused. Earlier waves in the same activity cluster were also identified, one in June 2021 and another in October 2021, the latter with a significantly higher volume of phishing emails than the others.
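The delivery chain described above (an .html file that drops an ISO, an ISO that carries a script) is something a mail gateway or detonation sandbox can check for directly rather than relying on users to spot the lure. The following is an added example and is not code from the article, from Perception Point or from the attackers: a Python scanner that pulls large base64 runs out of an HTML attachment, decodes them, and checks whether the result is an ISO 9660 image and what script-like file names it carries. It assumes the HTML drops the ISO by HTML smuggling (a base64 blob turned into a Blob download by page script), a mechanism the article does not spell out; the sample lure page and the sample ISO are constructed for the example, and DELIVERY_NOTE.VBS is a made-up file name.

```python
import base64
import binascii
import re

# ISO 9660 layout: a 16-sector (2048-byte) system area, then the primary volume
# descriptor, whose first byte is the type (0x01) followed by the identifier "CD001".
ISO_PVD_OFFSET = 16 * 2048 + 1
ISO_SIGNATURE = b"CD001"

# Browser-side idioms that HTML smuggling uses to turn an embedded string into a file.
SMUGGLING_MARKERS = ("atob(", "new Blob(", "createObjectURL(", ".download")

# A base64 run long enough to hold at least the system area plus the PVD signature.
MIN_BLOB_CHARS = (ISO_PVD_OFFSET * 4) // 3
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_BLOB_CHARS)

# ISO 9660 level 1/2 file identifiers are upper-case ASCII with a ";version" suffix
# (Joliet names are UTF-16 and are not covered by this simple pattern).
SCRIPT_NAME = re.compile(rb"[A-Z0-9_]{1,64}\.(?:VBS|VBE|JS|JSE|WSF|HTA|LNK|BAT|CMD)(?:;\d+)?")


def is_iso9660(data: bytes) -> bool:
    """True if the payload carries the ISO 9660 primary volume descriptor signature."""
    return data[ISO_PVD_OFFSET:ISO_PVD_OFFSET + len(ISO_SIGNATURE)] == ISO_SIGNATURE


def iso_script_names(data: bytes) -> list:
    """File identifiers with script-like extensions found in the image's directory records."""
    return sorted({m.group().decode("ascii") for m in SCRIPT_NAME.finditer(data)})


def scan_html_for_smuggled_iso(html: str) -> dict:
    """Decode every large base64 run in the page and report those that are ISO images."""
    markers = [m for m in SMUGGLING_MARKERS if m in html]
    payloads = []
    for match in BASE64_BLOB.finditer(html):
        text = match.group()
        text = text[:len(text) - len(text) % 4]          # drop a ragged tail, if any
        try:
            data = base64.b64decode(text, validate=True)
        except binascii.Error:
            continue                                     # not base64 after all
        if is_iso9660(data):
            payloads.append({"offset": match.start(), "size": len(data),
                             "scripts": iso_script_names(data)})
    if payloads and markers:
        verdict = "smuggled-iso"
    elif payloads or markers:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"markers": markers, "iso_payloads": payloads, "verdict": verdict}


def build_sample_iso() -> bytes:
    """Constructed stand-in for the dropped image (not a real campaign artifact): an
    empty system area, a PVD header, and one directory record naming a made-up .vbs."""
    image = bytearray(16 * 2048)                               # zeroed system area
    image += b"\x01" + ISO_SIGNATURE + b"\x01\x00"             # PVD: type, id, version
    image += bytes(2048 - 8)                                   # rest of the PVD sector
    image += bytes(33) + b"DELIVERY_NOTE.VBS;1"                # directory record name
    image += bytes((2048 - len(image) % 2048) % 2048)          # pad to a sector boundary
    return bytes(image)


def build_sample_html() -> str:
    """Constructed lure page in the HTML-smuggling style the detector expects."""
    blob = base64.b64encode(build_sample_iso()).decode("ascii")
    return (
        "<html><body><p>Israel Post: we missed you. Open the delivery note.</p>\n"
        "<script>\n"
        'var data = atob("' + blob + '");\n'
        "var bytes = new Uint8Array(data.length);\n"
        "for (var i = 0; i < data.length; i++) bytes[i] = data.charCodeAt(i);\n"
        'var file = new Blob([bytes], {type: "application/octet-stream"});\n'
        'var a = document.createElement("a");\n'
        "a.href = URL.createObjectURL(file);\n"
        'a.download = "delivery_note.iso";\n'
        "a.click();\n"
        "</script></body></html>\n"
    )


if __name__ == "__main__":
    import json
    print(json.dumps(scan_html_for_smuggled_iso(build_sample_html()), indent=2))
```

Run against a real attachment with scan_html_for_smuggled_iso(open(path).read()). The ISO check is deliberately structural (signature at a fixed offset) rather than string-based, so renaming the file or changing the lure text does not evade it; the script-name check is a cheap second signal and will miss Joliet-only names, which is why the verdict is driven by the signature plus the smuggling idioms.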

Sustained Phishing Campaign

The phishing campaign is described as a “sustained and clandestine operation” that has targeted numerous organizations across diverse industries in Israel. According to Igal Lytzki, an incident response analyst at Perception Point, “hundreds of emails related to this particular campaign” were detected and quarantined before delivery. The lures are built to look genuine, reproducing the Israel Post logo and colour scheme and even adding details such as the post office's opening hours. Recipients varied widely in role and seniority, which indicates the campaign is not aimed solely at executives and leadership.

Who Is to Blame?

The attacks are attributed to the Aggah threat group. The attribution rests on the choice of malware, the order-themed phishing lures, and the use of PowerShell scripts obfuscated with Losh Crypter. There is, however, no clear evidence of state sponsorship or of Aggah's national origin. Its tactics, techniques, and procedures (TTPs) are strikingly similar to those of Gorgon Group, which is reported to be a state-sponsored group operating under the Pakistani government. Lytzki believes Aggah is contracted by other governments to run malicious campaigns on their behalf. In the past, Aggah has mostly attacked organizations in Middle Eastern countries, whereas Gorgon Group targets government organizations and has been linked to attacks against Russia, Spain, the United Kingdom, and the United States.

Internet Security Advice

This campaign is a reminder that organizations must stay vigilant and teach employees the risks of clicking unfamiliar links, and that attackers will go to great lengths to make a lure look genuine, down to the logo and colour scheme. Companies therefore need layered defenses that combine technology, including threat intelligence and machine-learning-based detection, with training programs that equip employees to recognize and report attempts. Finally, security professionals should share threat intelligence and best practices with one another to stay ahead of operations like Red Deer.
