The analysis from DomainTools Investigations — which tracks online website infrastructure to identify cyber threats — said the digital infrastructure of one U.S.-based technology firm and several defense and aerospace firms in the UK, France, South Korea, Turkey, Italy and Ukraine had been spoofed in the campaign.
Many of the sham websites were registered through Spaceship, a web domain hosting site, and first observed between late December and early March. The investigation identified a total of 878 spoofed domains with naming conventions that slightly modified the actual targeted contractors’ website addresses.
Phishing scams are a common but powerful cyber-espionage tactic that can leverage combinations of malware and social engineering to exploit vulnerabilities in computer systems or trick unwitting people into handing over personal information about themselves, including login credentials needed to access sensitive data.
A DomainTools spokesperson declined to provide the specific names of companies targeted for security and privacy reasons, although the report noted that a likely phishing page tied to Ukroboronprom, Ukraine’s major state-owned defense industry conglomerate, was identified in December. The spokesperson also declined to say if DomainTools alerted the targeted contractors, or whether it notified the Office of the Director of National Intelligence, FBI or National Security Agency of the activities.
“There is insufficient evidence to attribute this activity to a known actor; however, the activity likely has a cyber espionage motivation,” the report said, adding that the assessment is made with “moderate confidence based on the tactics, techniques and procedures (TTPs) and the heavy focus on the defense ..