State-backed phishing targets govt employees with fast food lures

BleepingComputer

Sergiu Gatlan

More than a dozen state-backed hacking groups are actively targeting U.S. Government employees and healthcare organizations in phishing campaigns that use lures designed to take advantage of the fears surrounding the COVID-19 pandemic.

"TAG has specifically identified over a dozen government-backed attacker groups using COVID-19 themes as lure for phishing and malware attempts—trying to get their targets to click malicious links and download files," Google Threat Analysis Group's Director Shane Huntley said in a blog post.

"Our security systems have detected examples ranging from fake solicitations for charities and NGOs, to messages that try to mimic employer communications to employees working from home, to websites posing as official government pages and public health agencies." Free fast food for passwords
Out of these ongoing attacks, TAG highlighted a phishing campaign that employed fast food lures to redirect targeted US govt employees to landing pages asking for their credentials. "Some messages offered free meals and coupons in response to COVID-19, others suggested recipients visit sites disguised as online ordering and delivery options," Huntley explained.

"Once people clicked on the emails, they were presented with phishing pages designed to trick them into providing their ...

Get the Morning Update

Thanks for subscribing!