Researchers at CloudSEK have identified an extensive phishing campaign in which threat actors (TA) were impersonating the Ministry of Human Resources of the UAE government.
Spotted through XVigil, the company’s artificial intelligence (AI) digital risk monitoring platform, the campaign targets various government and corporate entities across the finance, travel, legal, hospital, oil and gas, and consultation industries.
An advisory written by CloudSEK noted: “The actors created a fake website […] that resembles the legitimate domain […] to defraud users.”
The investigation suggests that this is a large-scale phishing campaign, mainly targeting individual job seekers and businesses and exposing them to 419 (advance-fee fraud) and business email compromise (BEC) scams.
“Upon observing the pattern of the email address used to register the domains, domain name, and hosting infrastructure, it can be inferred that a single threat actor or a threat actor group owns all these phishing domains and websites.”
Further investigation of the email address also led to the discovery of 43 domains that shared the same registrant information.
“During the course of our investigation into the fake domain, CloudSEK researchers discovered various other domains on the Open Source Internet (OSINT) that were reported on websites […] as scams, targeting job seekers.”
According to CloudSEK, the phishing project could also be utilised by other threat actors to target specific users and steal their passwords, crypto wallets, documents, and other sensitive information.
To mitigate the impact, the researchers said that companies and individuals should avoid downloading suspicious documents from unknown sources or clicking on suspicious links.
The company said that file extension visibility should be enabled on Windows systems so that files with unknown or unexpected extensions can be spotted before they are downloaded.
CloudSEK suggested that using multi-factor authentication (MFA), up-to-date antivirus software, and anomaly detection tools could help reduce the impact of these advanced phishing scams.