Ministries of Foreign Affairs most targeted in the credential harvesting campaign
October 2021 by Atlas VPN
Some threat actors work for the state, and their job is to target other countries’ government administrations with cyberattacks.
According to the recent Atlas VPN team findings, Ministries of Foreign Affairs are targeted the most with phishing websites to harvest credentials. Interestingly, the phishing campaign was primarily directed at Foreign Affairs administrations of Belarus, Uzbekistan, and Ukraine.
Ministries of Foreign Affairs were the target of the credential harvesting campaign in 21.2% of found domains. The web pages in this campaign usually started with “mail.” and frequently included the actual website of the targeted government department as a hostname on the attacker’s domain.
The most number of phishing pages appear to target Belarus, Uzbekistan, and Ukraine. The narrow direction of attacks suggests that this could be a state-sponsored work of an advanced persistent threat (APT).
Furthermore, technology and finance organizations were each targeted by 9.6% of hosted domains. Establishments of such sort always get plenty of attention from threat actors as they hold valuable information.
Lastly, 15.4% of fake phishing websites were directed at other types of organizations.
Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on phishing attacks:
“Phishing is now widely regarded as one of the most severe cybersecurity hazards facing all internet users. These attacks are becoming increasingly sophisticated, and victims may suffer significant losses as a result. Although most cybercriminals’ primary aim is to steal money, hacked sensitive data can be utilized for various nefarious purposes, like espionage.”