A newly registered domain disguises itself as an official Electronic Frontier Foundation (EFF) website and is being used in various spear phishing attacks.
The site, electronicfrontierfoundation[dot]org, serves up malware and appears to be part of the larger “Operation Pawn Storm” campaign, the EFF wrote. This portion of the campaign relies on a Java exploit, which is delivered through a redirect from the EFF spoof site. The redirect sites changes every time and is disabled immediately after a malicious payload is received.
This attack uses the same path names, Java payloads and Java exploit as other Pawn Storm attacks, leading the EFF to believe the group is “certainly” using this new tactic.
Noting that Oracle patched this Java vulnerability, the EFF writes that this attack is an “excellent reminder for everyone to be vigilant against phishing attacks.”