Researchers have identified attacks impersonating tax authorities from several countries to compromise organizations and deploy a custom backdoor called Voldemort. While the campaign uses techniques seen in financially motivated cybercrime attacks, researchers believe the real purpose is espionage, based on the characteristics of the malware used.
The campaign is unusual for an advanced persistent threat (APT) in that it involved more than 20,000 phishing messages in various languages, affecting more than 70 organizations worldwide. The impersonated tax agencies include the US Internal Revenue Service, UK’s HM Revenue & Customs, France’s Direction Générale des Finances Publiques, Germany’s Bundeszentralamt für Steuern, Agenzia delle Entrate of Italy, the Indian Revenue Department, and the National Tax Agency of Japan. The latter two were spotted in the latest attack, suggesting the campaign is expanding and adding more languages.
Targeted organizations span 18 verticals, with insurance being the top target, accounting for nearly a quarter. Aerospace, transportation, education, and finance also rank among the targeted verticals.