Tweet
The use of legitimate remote monitoring and management (RMM) tools among cybercriminals targeting government firms have gotten so widespread that US Federal law enforcement and intelligence agencies have been forced to issue a joint warning.
In their alert, the NSA, CISA, and MS-ISAC said they discovered malicious activity inside the networks belonging to āmultiple federal civilian executive branch (FCEB) agenciesā.
The organizations were prompted to do the analysis after cybersecurity researchers Silent Push published their report in October 2022. To do that, they deployed EINSTEIN - a federal civilian executive branch (FCEB)-wide intrusion detection system (IDS) operated and monitored by CISA, to analyze the state of the networks.
[HEADING=1]Fake help desk emails[/HEADING]
What they found was linked to a āwidespread, financially motivated phishing campaignā Silent Push had earlier referred to.
The crooks start by sending fake help desk phishing emails to email addresses belonging to people working for various government institutions.
āThe authoring organizations assess that since at least June 2022, cyber criminal actors have sent help desk-themed phishing emails to FCEB federal staffās personal, and government email addresses,ā it says in the alert. āThe emails either contain a link to a āfirst-stageā malicious domain or prompt the recipients to call the cybercriminals, who then try to convince the recipients to visit the first-stage malicious domain.ā
Read more
The goal of the campaign is to have the victims download RMM, in an attempt to refund the money accidentally paid for software (the victims never really paid for anything, but thatās part of the fraud scheme). Once they download and run the software, the crooks will try and get them to log into their bank accounts. If that happens, they find a way to steal the money.
āAlthough this specific activity appears to be financially motivated and targets individuals, the access could lead to additional malicious activity against the recipientās organizationāfrom both other cybercriminals and APT actors,ā the organizations further stated.
āMalicious cyber actors could leverage these same techniques to target National Security Systems (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) networks and use legitimate RMM software on both work and home devices and accounts.ā
[ul]
[li]Here is our list of the best firewalls today[/li][/ul]
Via: BleepingComputer
Continue readingā¦
In their alert, the NSA, CISA, and MS-ISAC said they discovered malicious activity inside the networks belonging to āmultiple federal civilian executive branch (FCEB) agenciesā.
The organizations were prompted to do the analysis after cybersecurity researchers Silent Push published their report in October 2022. To do that, they deployed EINSTEIN - a federal civilian executive branch (FCEB)-wide intrusion detection system (IDS) operated and monitored by CISA, to analyze the state of the networks.
[HEADING=1]Fake help desk emails[/HEADING]
What they found was linked to a āwidespread, financially motivated phishing campaignā Silent Push had earlier referred to.
The crooks start by sending fake help desk phishing emails to email addresses belonging to people working for various government institutions.
āThe authoring organizations assess that since at least June 2022, cyber criminal actors have sent help desk-themed phishing emails to FCEB federal staffās personal, and government email addresses,ā it says in the alert. āThe emails either contain a link to a āfirst-stageā malicious domain or prompt the recipients to call the cybercriminals, who then try to convince the recipients to visit the first-stage malicious domain.ā
Read more
Scammers are spoofing official UK Government Energy Support Scheme websites
Chinese government hackers apparently stole millions in Covid benefits
Hereās our list of the best ID theft protection tools right now
Chinese government hackers apparently stole millions in Covid benefits
Hereās our list of the best ID theft protection tools right now
āAlthough this specific activity appears to be financially motivated and targets individuals, the access could lead to additional malicious activity against the recipientās organizationāfrom both other cybercriminals and APT actors,ā the organizations further stated.
āMalicious cyber actors could leverage these same techniques to target National Security Systems (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) networks and use legitimate RMM software on both work and home devices and accounts.ā
[ul]
[li]Here is our list of the best firewalls today[/li][/ul]
Via: BleepingComputer
Continue readingā¦