Spear phishers renew attack on feds' Gmail

Gov officials (still) stalked

A targeted campaign to collect Gmail passwords from senior US government officials and military personnel is showing no signs of letting up more than two months after Google first warned it had already snared hundreds of victims.

According to independent security researcher Mila Parkour, the same attackers sent a new round of highly targeted spear phishing emails as recently as last week that attempted to trick government workers into revealing credentials for their personal Gmail accounts. As was the case in early June, the attackers' goal is to monitor the private email of people working in sensitive government and military positions.

“I am posting this only to highlight the fact that once compromises happen and are covered in the news, they do not disappear and attackers don't give up or stop,” Parkour wrote in a blog post published on Thursday. “They continue their business as usual.”

The emails in the latest spear phishing wave contain links that are customized for each recipient, and the sender is forged to appear as a close associate of the receiver. The message is designed to look like a subscription form for a publication that requires authentication using credentials for a Google account.

Parkour tested the attack by responding to an email using an account that closely resembled that of one of the targeted recipients. To make it appear authentic, she loaded it with Google alerts about human rights and military issues and mail from Chinese-related Google groups. She also changed some of the links in the form to match the account she had set up. The form then sent the phished password to a compromised server for www.softechglobal.com, which is hosted by ThePlanet.com.

Less than two hours later, someone using IP addresses belonging to the Tor anonymity service logged in to the dummy account.

Parkour's update is yet another testament to the determination of the attackers to penetrate the inner circles of high-ranking government and military personnel and, once successful, to stay there for as long as possible. The spear phishers have stalked some of their previous victims for almost a year and in some cases sent the victims emails designed to appear to originate from colleagues in hopes of getting responses that detailed the targets' schedules, contacts, and job responsibilities. ®
