Kết quả hình ảnh cho Biden Campaign Staffers Targeted in Cyberattack Leveraging Antivirus Lure, Dropbox Ploy1 ngày trước Hackers sent Joe Biden's presidential campaign staffers malicious emails that impersonated anti-virus software company McAfee, and used a mix of legitimate services (such as Dropbox) to avoid detection. The emails were an attempt to steal staffers' credentials and infect them with malware.
Hackers sent Joe Biden’s presidential campaign staffers malicious emails that impersonated anti-virus software company McAfee, and used a mix of legitimate services (such as Dropbox) to avoid detection. The emails were an attempt to steal staffers’ credentials and infect them with malware.
The unsuccessful advanced persistent threat group (APT) attacks on Biden’s campaign were first uncovered in June, along with cyberattacks targeting Donald Trump’s campaign. However, the details of the attacks themselves, and the tactics used, were scant until Google Threat Analysis Group’s (TAG) Friday analysis.
“In one example, attackers impersonated McAfee,” said researchers on Friday. “The targets would be prompted to install a legitimate version of McAfee anti-virus software from GitHub, while malware was simultaneously silently installed to the system.”
The campaign was based on email based links that would ultimately download malware hosted on GitHub, researchers said. The malware was specifically a python-based implant using Dropbox for command and control (C2), which once downloaded would allow the attacker to upload and download files and execute arbitrary commands.
Every malicious piece of this attack was hosted on legitimate services – making it harder for defenders to rely on network signals for detection, researchers noted.
Google attributed the attack on Biden’s campaign staff to APT 31 (also known as Zirconium). According to reports, this threat actor is tied to the Chinese government.
Beyond staffers on the “Joe Biden for President” campaign, APT 31 has also been targeting “prominent individuals in the international affairs community, academics in international affairs from more than 15 universities,” according to previous Microsoft research.
The threat group’s TTPs include using web “beacons” that are tied to an attacker-controlled domain. The group then sends the URL of the domain to targets via email text (or attachment) and persuades them to click the link via social engineering.
“Although the domain itself may not have malicious content, [this] allows Zirconium [APT 31] to check if a user attempted to access the site,” said Microsoft. “For nation-state actors, this is a simple way to perform reconnaissance on targeted accounts to determine if the account is valid or the user is active.”
On the other side of the coin, the personal email accounts of staffers associated with the “Donald J. Trump for President” campaign have also been targeted by another threat group called APT 35 (also known as Phosphorus and Charming Kitten), which researchers said operates out of Iran. The Iran-linked hacking group has been known to use phishing as an attack vector, and in February was discovered targeting public figures in phishing attacks that stole victims’ email-account information.
government vulnerabilities web security credential cyberattack donald trump dropbox election security google google threat analysis group joe biden mcafee phishing spear phishing us presidential election
Just months before the U.S. presidential election, hackers from Russia, China and Iran are ramping up phishing and malware attacks against campaign staffers.
Phishing emails tell recipients that their voter's registration applications are incomplete – but instead steal their social security numbers, license data and more.
The cybercriminal group has plagued firms with ransomware, sent via spear phishing emails with COVID-19 lures, since March.
Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users. Google's Chrome 86: Critical Payments Bug, Password Checker Among Security Notables ... Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS ...
Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.