Email from a colleague or a BEC trap? TA4903 hurts the pockets of civil servants.

Teacher

Hackers pretend to be officials in order to get as much money as possible.

A report by the security company Proofpoint uncovered a sophisticated cyber fraud scheme run by the hacker group TA4903. The group specializes in BEC (business email compromise) attacks and in recent years has been launching phishing campaigns under the guise of various US government agencies.

As cover for their activity, the cybercriminals impersonate the United States Department of Transportation, the Department of Agriculture, and the Small Business Administration. The emails they send out contain malicious PDF attachments with QR codes.

When the victim scans the QR code, they are redirected to carefully disguised phishing sites that mimic the official portals of these institutions. Depending on the lure used, users may be redirected to fake Office 365 login pages.

Although the TA4903 group has been operating since at least 2019, Proofpoint experts note a sharp intensification of its activity from mid-2023 to the present. In the past, attackers used the EvilProxy tool to bypass multi-factor authentication, but this year this method was not used.

TA4903's motivation is purely financial. Having gained unauthorized access to corporate networks and email accounts, the cybercriminals carefully search them for information about bank details, payments, and trading partners. Based on this information, they carry out BEC attacks, sending fake requests from the hacked accounts to pay bills or change payment details.

In a number of incidents recorded since mid-2023, attackers sent emails on behalf of compromised partner organizations that were almost indistinguishable from the real ones. Victims were informed of an alleged cyberattack and asked to update their payment details.

Proofpoint assesses that TA4903 poses a significant threat to a wide range of organizations around the world. Recently, experts have noted a shift in focus from impersonating government agencies to impersonating small businesses, but it is not yet clear whether this is a temporary tactic or the beginning of a new trend.

The BEC attack scheme is complex and runs through several stages, which gives organizations many opportunities to detect malicious activity. A comprehensive, multi-layered approach to information security remains an effective tool for countering such threats.
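As an added illustration of stage-by-stage detection (not code from Proofpoint or from this post), the Python sketch below flags two of the stages described above: a US agency name on mail from a non-.gov sender carrying a PDF, and a payment-detail change request justified by a cyberattack. The regexes, the .gov rule, the reason labels and both sample messages are assumptions made for the example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
# Lure themes named in the article; the regexes and the .gov rule are assumptions of this sketch.
AGENCY = re.compile(r"department of (transportation|agriculture)|small business administration", re.I)
PAY_CHANGE = re.compile(r"(updat|chang)\w*\s+(\w+\s+){0,4}(payment|bank)\w*\s+(details|information)", re.I)
PRETEXT = re.compile(r"cyber\s?attack|security incident", re.I)

def triage(raw):
    """Return the reasons a raw RFC 5322 message deserves manual review."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    text, has_pdf = str(msg.get("Subject", "")), False
    for part in msg.walk():
        has_pdf |= part.get_content_type() == "application/pdf"
        if part.get_content_type() == "text/plain":
            text += " " + part.get_content()
    reasons = []
    # Lure stage: agency name on mail from a non-.gov sender, PDF attached (the QR carrier).
    if AGENCY.search(display + " " + text) and not addr.lower().endswith(".gov"):
        reasons.append("agency-name-non-gov-sender")
        if has_pdf:
            reasons.append("pdf-attached-to-agency-lure")
    # BEC stage: payment-detail change request, with a cyberattack story as justification.
    if PAY_CHANGE.search(text):
        reasons.append("payment-detail-change")
        if PRETEXT.search(text):
            reasons.append("incident-pretext")
    return reasons
# Constructed sample messages (not real traffic); all domains are placeholders.
LURE = """From: "U.S. Department of Transportation" <bids@dot-bids.example>
Subject: Invitation to bid
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Scan the QR code in the attached PDF to view the bid documents.
--b1
Content-Type: application/pdf

(constructed PDF stub)
--b1--
"""
BEC = """From: Accounts <ar@partner.example>
Subject: Remittance update

Following a recent cyberattack, please update our payment details before the next invoice.
"""
```

The sketch inspects headers and text parts only; it does not decode the QR code inside the PDF, so in practice it would sit alongside attachment and URL analysis.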
 