
Spear Phishing: Major Threats Faced by Public Agencies and Security Firms


 By Grace Williams



Summary

Recently, the issue of spear phishing has been growing. The Iranian hacker group Charming Cypress targets policy experts in the Middle East, North Korean hackers exploit misconfigured DMARC policies to target experts in the United States and East Asia, and hackers leverage European Union-related events to attack various organizations. This has further emphasized the importance of cybersecurity and effective defense strategies.



1. Iranian hackers target Middle Eastern policy experts in Spear Phishing Attacks

According to Volexity, a cybersecurity company based in Washington, the Iranian hacker group known as Charming Cypress (also known as Charming Kitten, APT42, TA453) is currently executing spear phishing attacks against high-ranking officials in the Middle East. They are targeting think tanks, NGOs, and journalists to gather political information. Charming Cypress utilizes social engineering tactics such as engaging targets in prolonged conversations over email before sending links to malicious content.

In particular, they have also created fake webinar platforms to use as bait. In September and October 2023, they carried out spear phishing attacks disguised as the Rasanah International Institute for Iranian Studies (IIIS), using multiple typo-squatted domains to mimic legitimate domains. This was an impersonation of a Riyadh-based research institution specializing in Iranian politics. Volexity said that considerable effort was devoted to the fake webinar portal, which featured interfaces with logos of the impersonated organization.

In the above case, the hacker group used sophisticated social engineering techniques, such as building trust through prolonged email conversations before sending malicious links, and fabricating fake webinar platforms to deceive victims into installing malware-containing VPN applications.
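The typo-squatted domains described above can be caught at the mail gateway by comparing each sender domain with the domains an organization actually uses. The following is an added example, not code from Volexity's report or from the original post; every domain in it is constructed, and `PROTECTED`, `skeleton` and `classify` are names chosen here for illustration.

```python
# Added example: flag sender domains that imitate a protected domain.
# All domains are constructed sample data.

PROTECTED = ["example-institute.org"]  # domains the organisation really uses

# Character sequences commonly swapped in to fake a name at a glance.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def skeleton(domain):
    """Collapse look-alike characters so visually similar names compare equal."""
    s = domain.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(sender_domain, protected=PROTECTED, max_distance=2):
    """Return (verdict, matched_domain) for one sender domain."""
    sender = sender_domain.lower().rstrip(".")
    if sender in protected:
        return ("exact", sender)
    for real in protected:
        if skeleton(sender) == skeleton(real):
            return ("confusable", real)   # e.g. '1' for 'l', 'rn' for 'm'
        if edit_distance(sender, real) <= max_distance:
            return ("near-match", real)   # added, dropped or swapped letters
    return ("unrelated", None)

SENDERS = ["example-institute.org", "examp1e-institute.org",
           "exarnple-institute.org", "example-institutes.org", "unrelated.net"]

if __name__ == "__main__":
    for domain in SENDERS:
        print(domain, classify(domain))
```

Anything classified as `confusable` or `near-match` is a candidate for quarantine or an external-sender warning rather than an automatic block, since short legitimate domains can sit within two edits of each other.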


As a result, the cybersecurity firm Volexity was targeted by a phishing attack impersonating the Rasanah Institute, leading to data theft via the fake webinar portal.




2. U.S. Agencies Issue Warning on North Korean Spear Phishing Attacks

The Federal Bureau of Investigation (FBI), State Department, and National Security Agency (NSA) have warned that North Korean cyber attackers are using misconfigured DMARC (Domain-based Message Authentication, Reporting & Conformance) policies to hide their social engineering attempts. They conducted spear phishing campaigns by impersonating journalists, scholars, or experts in East Asian policy. Additionally, these attacks were utilized for sending "spoofing" phishing emails to various organizations, including hospitals and healthcare systems.


Hackers conducted spear phishing attacks targeting healthcare institutions like hospitals using malware called HappyDoor. This malware is delivered via email attachments, allowing the hackers to steal information from infected systems and install backdoors for further hacking attempts. As a result, the affected hospitals suffered serious damage, including system paralysis and data leakage.




3. Spear Phishing Campaign Targeting the European Union

EU organizations are being targeted by spear phishing campaigns that exploit EU political and diplomatic events. According to the 2023 threat report from the EU's Computer Emergency Response Team (CERT-EU), hackers are sending emails with malicious attachments, links, or fake PDF documents using EU agendas.

Various EU event-related information, such as the Swedish EU Council Presidency, the EU-Latin America and Caribbean Community Summit (CELAC), the RELEX Diplomatic Affairs Committee, and the EU LegisWrite program, was used as bait. The primary focus is on individuals and organizations working in diplomacy, defense, and transportation sectors, with hackers often masquerading as EU institution employees or public administration officials to gain credibility.

Besides emails, hackers conducted attacks through WhatsApp messages and various social media platforms. This includes emails and WhatsApp messages pretending to be from an EU institution's department head, along with SMS phishing attacks. These spear phishing attacks are associated with political events within the EU to easily gain victims’ trust, primarily aiming to steal sensitive information or install malware on systems.

In the above case, the EU was exposed to sophisticated social engineering attacks, both through phishing emails designed to gain victims' trust and through various social media platforms. High-ranking officials working in the diplomacy, defense, and transportation sectors were also at risk: hackers impersonated employees or administrators of EU agencies, and malicious links or attachments led to malware infections and subsequent information leakage.



4. Conclusion

As spear phishing attacks become increasingly sophisticated and prevalent, the importance of cybersecurity is being emphasized more than ever. Not only the cybersecurity firm BlackCity, located in the United States, but also well-known public institutions and governments, such as U.S. federal agencies and the European Union (EU), could be vulnerable to these types of attacks.

It is essential to adopt cutting-edge security technologies to effectively counter cyber threats. The international email security standards formulated by the ITU are crucial in proactively preventing spear phishing attacks. Furthermore, enhancing continuous security education and sharing information is imperative to strengthen collaboration between public institutions and private enterprises. This enables organizations and businesses to share the latest threat trends and counterstrategies, and to respond more quickly by exchanging threat information in real time.

Collaboration between public and private sectors is essential for bolstering cybersecurity. Particularly, reinforcing user education is necessary to empower individuals to recognize and appropriately respond to suspicious emails or links. Addressing increasingly sophisticated spear phishing attacks requires a comprehensive approach encompassing technological, educational, and collaborative aspects.

If you would like to learn more about spear phishing attack types, please refer to the links below.


https://mailinspector2.blogspot.com/2023/10/understanding-email-attacks-and.html

https://mailinspector2.blogspot.com/search/label/Social%20Enigneering



5. References

<Iranian Hackers Target Mideastern Experts In Spear-Phishing Attacks>

https://www.iranintl.com/en/202402164333

<Agencies issue cyber advisory on North Korean spear phishing efforts>

https://www.aha.org/news/headline/2024-05-03-agencies-issue-cyber-advisory-north-koran-spear-phishing-efforts

<North Korean Hackers Using New ‘HappyDoor’ Malware Used In Email Attacks>

https://cybersecuritynews.com/north-korean-hackers-happydoor-malware/#google_vignette

<Hackers Exploit EU Agenda in Spear Phishing Campaigns>

https://www.infosecurity-magazine.com/news/hackers-exploit-eu-agenda-spear/


