SEC Targeted Spear Phishing Campaign

Category: Blog, Security  |  Tuesday, March 14th, 2017

A sophisticated phishing attack is attempting to gain classified corporate data. Cyber criminals are sending spoofed emails purporting to be from the Securities and Exchange Commission, targeting lawyers, compliance managers, and the company officials who are in charge of filing documents with the SEC.

Identified by FireEye as FIN7, this attack selectively targets victims and uses spear phishing to distribute its malware—then demands cash in return for the uncorrupted data. FireEye has observed FIN7 attempts to compromise diverse organizations for malicious operations – usually involving deployment of point-of-sale malware – primarily against the retail and hospitality industries.

Spear Phishing Campaign

All of the victims of this targeted spear phishing campaign appear to be involved with SEC filings for their respective organizations. Many of the recipients were even listed in the public record for their company’s SEC filings.

The sender email address is spoofed as EDGAR <[email protected]>, and the attachment is named “Important_Changes_to_Form10_K.doc”.
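The two indicators above (an "EDGAR" display name on a non-SEC address, and the named .doc attachment) can be checked at the mail gateway. The following triage sketch is an added example, not code from this post or from FireEye. It assumes genuine SEC mail comes from sec.gov; the function names, finding codes, and sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED_DOMAIN = "sec.gov"   # assumption: domain of genuine SEC mail
CLAIMED = {"edgar", "sec"}   # display-name words the lure relies on
LURE_NAME = "important_changes_to_form10_k.doc"   # attachment name from this page
RISKY_EXT = (".doc", ".docm", ".xls", ".xlsm", ".rtf")  # legacy/macro-capable formats

def triage(raw: bytes) -> list[str]:
    """Return finding codes for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    trusted = domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)
    # Display name invokes the SEC, but the address is not on the SEC's domain.
    if CLAIMED & set(re.findall(r"[a-z]+", name.lower())) and not trusted:
        findings.append("impersonation")
    # Only meaningful when your own gateway wrote this header; strip inbound copies.
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", [])).lower()
    if re.search(r"\b(spf|dkim|dmarc)=(fail|softfail)\b", auth):
        findings.append("auth-fail")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname == LURE_NAME:
            findings.append("known-lure-attachment")
        elif fname.endswith(RISKY_EXT):
            findings.append("risky-attachment")
    return findings

def build(sender: str, auth: str, filename: str, subtype: str) -> bytes:
    """Construct a sample message (constructed test data, not a captured email)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "filer@corp.example", "Form 10-K changes"
    m["Authentication-Results"] = auth
    m.set_content("Please review the attached document.")
    m.add_attachment(b"placeholder", maintype="application", subtype=subtype,
                     filename=filename)
    return m.as_bytes()

# Constructed samples: a lookalike of the lure described above, and a benign message.
LURE = build("EDGAR <filings@sec-notices.example>", "mx.corp.example; spf=fail; dkim=none",
             "Important_Changes_to_Form10_K.doc", "msword")
BENIGN = build("EDGAR <filings@sec.gov>", "mx.corp.example; spf=pass; dkim=pass",
               "notice.pdf", "pdf")

if __name__ == "__main__":
    print(triage(LURE), triage(BENIGN))
```

An exact filename match only catches this one lure; the display-name and authentication checks are the ones that survive a renamed attachment.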

The Targets

FireEye has identified 11 targeted organizations in the following sectors:

  • Financial services, with different victims having insurance, investment, card services, and loan focuses
  • Transportation
  • Retail
  • Education
  • IT services
  • Electronics

All of these businesses are US-based, but many also have an international presence. As the SEC is a U.S. regulatory organization, it’s obvious the recipients of these spear phishing attempts work for U.S.-based organizations or for a U.S.-based representative of organizations located elsewhere. However, it is possible that the attackers could modify the malware to perform similar activity mimicking other regulatory organizations in other countries.

The International Cyber Mafia

John Miller, the director of threat intelligence at FireEye, described the cyber criminals as among “the most sophisticated financial actors” and said their methods were similar to those of hackers who targeted ATM machines and other parts of the banking system. He also warned that the hacking tools they sought to install were particularly insidious.

“It’s the Swiss army knife of malware. It lets you do whatever you want to with the compromised system,” Miller said. FIN7 is the first international cyber mafia, a group of cybercriminals from Russia, Ukraine and other parts of Europe and China.

Please notify your key financial employees handling regulatory filings to beware of clicking on ANY links, familiar or unfamiliar. Make sure your staff is trained on cyber security best practices and knows how to spot a phishing email.

For more information: Join us at our free Cyber Security in the Workplace Event and Cooking Class Event on April 27th from 12:00 to 2:30pm at BBQ Galore in the Irvine Marketplace. Contact [email protected] to register.

