APT Uses Spear Phishing in New Campaign

An advanced persistent threat group, active since at least 2016 and suspected in exploiting multiple attacks around the globe, is reportedly targeting institutions in Europe and Russia, according to a report released today from NETSCOUT Arbor. On 13 August NETSCOUT’s ASERT team identified new spear-phishing campaign activity from the financially motivated hacking group Cobalt. Given that the messages appear to be coming from a trusted source, many victims fall prey to these types of campaigns in which malicious actors disguise themselves as other financial institutions. The phishing messages used to gain entry look as if they come from a financial vendor or partner domains, increasing the likelihood of infection. In addition, the group reportedly uses tools that allow them to bypass Window’s defenses. NS Bank in Russia and Banca Comerciala Carpatica of Romania were the two phishing targets found in which one of the phishing emails was weaponized with two malicious URLs.