U.S. government contractors are being targeted by an ongoing phishing campaign that once used PDF files pertaining to the bidding process for Department of Labor projects but has since expanded to impersonate the Department of Commerce and the Department of Transportation, according to BleepingComputer.
Aside from leveraging different lures in phishing messages, attackers behind the updated campaign have also utilized improved phishing page web behavior, as well as removed artifacts indicating fraudulent activity in old PDF attachments, a report from Cofense revealed. Attackers have applied more consistent formatting, bigger logos, and linked PDF files in the new emails, while the PDF files have not only been simplified but also featured metadata corresponding to the spoofed department.
Moreover, HTTPS has been used on all phishing websites, which have also been given longer domains to better conceal malicious activity, the report said.
"Given the advancements seen in each area of the phishing chain, it is likely the threat actors behind these campaigns will continue to innovate and improve upon their already believable campaigns," said Cofense.
Vulnerabilities impacting cloud analytics and business intelligence software Qlik Sense have been exploited to facilitate the deployment of CACTUS ransomware in a new campaign, The Hacker News reports.
Vulnerability management: Finding and fixing fatal flaws
Reducing silos between Developers and AppSec in your Software Supply Chain with Snyk and ServiceNow
Vulnerability management: Finding and fixing your fatal flaws
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news