May 06, 2021
Earlier
Latest
May 12, 2021
Phishing Emails Impersonate Maritime Industry in Likely BEC Campaign
Executive Summary
EclecticIQ threat research analysts recently observed a phishing campaign targeting the maritime industry. The malicious actor uses spoofed emails and socially engineered subject lines and file names to deliver multiple variants of commodity Remote Access Trojans (RAT) and the Masslogger keylogger, often used for stealing credentials. The attached files require user execution and, in some cases, exploit CVE-2017-11882 for initial execution. The campaign also leverages Agent Tesla to compromise web infrastructure for payload delivery and exfiltration of stolen data.
Key Judgements
- It is likely the campaign is using stolen credentials for future business email compromise (BEC) attacks. The tooling shows a focus on credential and email information theft. The phishing email’s subject lines are aimed at on-shore ship and port operators. These organizations deal with regular monetary transfers making them susceptible to BEC attacks.
- It is highly likely phishing campaigns will continue impersonating the maritime industry for credential theft. Malicious actors can easily leverage openly available ship and ship operator information for legitimate-looking phishing emails. Commodity tooling provides easy access to the capabilities needed to harvest credentials and email information. The returns are potentially very lucrative due to regular monetary transfers in the industry and the increasing demand for trade by ship.
Popular
July 30, 2020
CTI Investigation into COVID-19 Contact Tracing Apps
In cooperation with the ThreatFabric research team.
Explore topics
Threats and Vulnerabilities Intelligence Research Malware Threat Intelligence Ransomware Industry STIX and TAXII Threat Intelligence Platform COVID-19 Product MSSP and MDR Corporate Technical XDR Phishing