Global-Scale Phishing Attack Brings New Malware

There’s an ongoing, global-scale phishing attack you should be aware of, even if your firm isn’t a current target.
Mandiant is tracking the campaign and recently published a report about it. According to that report, the attacks came in waves, hitting more than 50 different organizations spanning a broad range of industries.
These attacks happened on December 2nd, December 11th, and again on December 18th, 2020.
Two things make this campaign particularly worrisome. First, Mandiant was unable to identify a specific threat actor behind it. Because of that, they’re simply tracking the group as “UNC2529,” with the UNC identifier tagging the group as currently unknown and uncategorized.
Second, there’s a high level of talent behind the attacks, which use highly targeted spear-phishing techniques to deploy three different strains of malware never seen before. Even worse, the group has taken great pains to ensure that its malicious code lands on target systems undetected.
A spokesman for Mandiant had this to say about the attacks:
“The threat actor extensively used obfuscation and file-less malware to complicate detection to deliver a well-coded and extensible backdoor.
“One interesting fact about the whole ecosystem is that only the downloader exists in the file system. The rest of the components serialize in the registry database, making their detection somewhat harder, especially by file-based antivirus engines.
“Masquerading as the account executive, seven phishing emails were observed targeting the medical industry, high-tech electronics, automotive and military equipment manufacturers, and a cleared defense contractor with subject lines particular to the products of the California-based electronics manufacturing company.”
The majority of the attacks have focused on the United States. However, roughly a quarter of them have hit organizations in Europe, Asia, and Africa, making it a truly global campaign. Stay vigilant. As yet, no clear picture has emerged regarding the ultimate aims and goals of this mystery group.