- Joined
- May 15, 2016
- Messages
- 14,523
- Likes
- 2,645
- Points
- 1,730
The suspect posed as a German, Italian and American government agency to freely enter the offices of companies and install phishing malware. Under the guise of taxes, the Italian lured more than € 630,000.
Since October, an Italian hacker, whose name has not been disclosed as part of the investigation, has impersonated government agencies by sending phishing emails designed to infect American and European organizations. The attacker posed as the Federal Ministry of Finance of Germany, Italy and the US Postal Service.
“The URLs used by this actor were formatted with the repeated character _ /. Tmp. For a long time, the hacker did not even make any changes to them, ”summarizes the representative of Proofpoint. “Researchers at our company suspect the use of the word _ /. Tmp may be due to previous thefts that were discovered in the past six months by the infosec community. ”
The criminal scheme was simple: a government official came to the company’s reception room with an “official system security check” and installed malware without hindrance. Including phishing newsletter included in the “repertoire” of the attacker — organizations received letters with the message about the return or tax arrears. Victims needed to open a Word document and fill out a form, and then go to the fake page of non-cash payment.
Only German financiers were able to stop criminal activity by “recounting” the tax return and contacting law enforcement agencies.
Since October, an Italian hacker, whose name has not been disclosed as part of the investigation, has impersonated government agencies by sending phishing emails designed to infect American and European organizations. The attacker posed as the Federal Ministry of Finance of Germany, Italy and the US Postal Service.
“The URLs used by this actor were formatted with the repeated character _ /. Tmp. For a long time, the hacker did not even make any changes to them, ”summarizes the representative of Proofpoint. “Researchers at our company suspect the use of the word _ /. Tmp may be due to previous thefts that were discovered in the past six months by the infosec community. ”
The criminal scheme was simple: a government official came to the company’s reception room with an “official system security check” and installed malware without hindrance. Including phishing newsletter included in the “repertoire” of the attacker — organizations received letters with the message about the return or tax arrears. Victims needed to open a Word document and fill out a form, and then go to the fake page of non-cash payment.
Only German financiers were able to stop criminal activity by “recounting” the tax return and contacting law enforcement agencies.