Phishing: Going after specific targets
Phishing attacks get their name from the idea that fraudsters prey on unsuspecting victims by using fake or fake email as bait. Phishing attacks extend the fishing analogy as attackers specifically target high-value victims and organizations. Instead of trying to obtain the bank statements of 1,000 consumers, an attacker may find it more profitable to target a few businesses. A hacker may target an employee working for another government agency, or a government official, to steal government secrets. For example, the Iranian cyberespionage group APT42 is known to use sophisticated phishing techniques that involve impersonating multiple organizations and individuals known or of interest to their victims.
Phishing attacks are highly effective because attackers spend a lot of time creating information specific to the recipient, such as referring to a conference the recipient may have recently attended or sending a malicious attachment where the file name refers to a topic of interest to the recipient.
In a 2017 phishing campaign, Group 74 (also known as Sofact, APT28, Fancy Bear) targeted cybersecurity professionals with emails pretending to be related to the Cyber Conflict US conference, an event organized by the United States Military Academy’s Army Cyber Institute, the NATO Cooperative Cyber Military Academy, and the NATO Cooperative Cyber Defense Center of Excellence. While CyCon is a real conference, the attachment was actually a document containing a malicious Visual Basic for Applications (VBA) macro that could download and execute a malware called Seduploader.
Source link