Ministries of Foreign Affairs most targeted in the credential harvesting campaign

William S. | October 5, 2021

Some threat actors work for the state, and their job is to target other countries’ government administrations with cyberattacks. By doing so, hackers can steal sensitive classified information, which might be essential to the Ministries of the attacked country.

According to the recent Atlas VPN team findings, Ministries of Foreign Affairs are targeted the most with phishing websites to harvest credentials. Interestingly, the phishing campaign was primarily directed at Foreign Affairs administrations of Belarus, Uzbekistan, and Ukraine.

The data is based on Cyjax analyst insights of over 50 hostnames, which pose as government administration pages. The credential harvesting campaign likely started in the 2020 spring.

Ministries of Foreign Affairs were the target of the credential harvesting campaign in 21.2% of found domains. The web pages in this campaign usually started with “mail.” and frequently included the actual website of the targeted government department as a hostname on the attacker’s domain.

The most number of phishing pages appear to target Belarus, Uzbekistan, and Ukraine. The narrow direction of attacks suggests that this could be a state-sponsored work of an advanced persistent threat (APT). Considering cybercriminals could not get immediate financial gains from stolen information, it is more likely to be a campaign from opposing countries.

Furthermore, technology and finance organizations were each targeted by 9.6% of hosted domains. Establishments of such sort always get plenty of attention from threat actors as they hold valuable information. Hackers, later on, can sell phished-out data on the underground forums and earn a quick buck.

Lastly, 15.4% of fake phishing websites were directed at other types of organizations.

Tips for identifying a phishing website

Phishing is one of the most successful and effective ways for cybercriminals to trick people into giving up their personal and financial information. Even now, when internet users become more aware of such threats, threat actors make phishing attacks more sophisticated and difficult to spot.

An important step when checking whether the website is legit is to look at the URL. The address bar should start with a padlock and check that the URL contains “https://” or “shttp://.” The ‘S’ implies the web address has been encrypted and secured with the SSL certificate. Any data passed through a website without HTTPS could be intercepted by cybercriminals.

In addition, you should examine the content shown on the website. Official websites, especially government domains, will have correct spelling and grammar, high-quality images. On the other hand, you will notice simple grammatical errors and low-resolution graphics on fake phishing websites.

The absence of the “contact us” section on the website is another sign that it may be a phishing site. Official company or government websites will most likely have a page dedicated to their contact information and organization details. It should be a significant red flag if you do not find the organization’s social media, phone number, or email address on its website.

Phishing is now widely regarded as one of the most severe cybersecurity hazards facing all internet users. These attacks are becoming increasingly sophisticated, and victims may suffer significant losses as a result. Although most cybercriminals’ primary aim is to steal money, hacked sensitive data can be utilized for various nefarious purposes, like espionage.

William S.

William S.

Cybersecurity Researcher and Publisher at Atlas VPN. Focused on revealing the latest cybersecurity trends around the world.

Tags:

Phishing

© 2021 Atlas VPN. All rights reserved.