Russian spear phishing attack against .mil and .gov employees

Last Updated on Monday, 8 February 2010 08:52 Written by Jeffreycarr Monday, 8 February 2010 08:52

A “relatively large” number of U.S. government and military employees are being taken in by a spear phishing attack which delivers a variant of the Zeus trojan. The sender address is spoofed to appear to be from the NSA or InteLink, and the message concerns a report by the National Intelligence Council named the “2020 Project”. The attack’s purpose is to collect passwords and obtain remote access to the infected hosts. Considering the target (.gov and .mil employees), and the purpose, I can’t imagine a better use for a National Security Letter than to have one hand-delivered to the company that has been leasing servers to these bad actors for years.

Brian Krebs broke the story.

Jim McQuaid adds additional info.

And this week’s IntelFusion FLASH Traffic explores the problem in greater depth (subscription service).

Bottom line, the U.S. needs to emulate China and either force bad ISPs to clean up their act or shut them down. This is getting friggin’ embarrassing.



3 Comments

  1. Warning About ZeuS Attack Used as Lure — Krebs on Security   |  Saturday, 13 February 2010 at 11:05 am

    [...] from his e-mail address. Carr said the campaign that abused his name probably was in response to his recent blog post about the .mil and .gov attacks. [...]

  2. Zeus Trojan vs. The Government « CSC301 news and notes   |  Sunday, 14 February 2010 at 2:27 am

    [...] sent to government and military employees with security expert Jeffrey Carr as the apparent sender. Carr posted a blog last Monday mentioning the post from Brian Krebs. These two attacks, although aimed at the government, [...]

  3. Warning about ZeuS attack used as a lure | ooo la la la la : ) HACKED ! by ! mOmiX ! Sory Security Team :(((   |  Wednesday, 17 February 2010 at 5:10 am

    [...] e-mail. Carr said the campaign that abused his name was probably in response to a recent article on his blog about the .mil and .gov attacks. Translation: Raúl Batista – Segu-info Author: Brian Krebs [...]
