
Phishing scams: Chinese malware gang targets India

According to BlackBerry’s Research and Intelligence Team, three phishing campaigns are targeting Indian nationals, and they appear to come from a Chinese state-sponsored group.

Phishing scams from old attackers

BlackBerry attributed the activity to APT41, an advanced persistent threat group that has been carrying out espionage and financially motivated operations since at least 2012. The targeted industries include travel, telecommunications, healthcare, news, and education.

BlackBerry made an interesting discovery in India. By monitoring command-and-control (C2) activity, the researchers were able to connect the phishing lures to the Cobalt Strike beacon malware. The activity resembled other attacks but was unusual in that it used a bespoke, malleable command-and-control profile.

The researchers found that past and new phishing campaigns are associated with each other: the study describes HTTP GET profile blocks identical to those seen in past campaigns, as well as similarities in beacon configuration data. They also found distinct clusters of phishing campaigns with unique metadata, which the researchers attributed to APT41.
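The kind of pivot described above, clustering beacon samples by the fields a malleable C2 profile fixes (HTTP GET block, user agent, headers, spawn-to path), can be illustrated with a small script. This is an added example, not BlackBerry's code: the configuration records are constructed, the field names are assumptions standing in for whatever a beacon-config extractor emits, and none of the values are real indicators.

```python
"""Cluster beacon configurations by overlap in operator-chosen profile fields.

Added example, not BlackBerry's tooling. CONFIGS is constructed and its field
names are assumed; no value below is a real indicator."""

from itertools import combinations
from typing import Dict, List

# Constructed beacon configs keyed by a sample label (placeholder values only).
CONFIGS: Dict[str, Dict[str, object]] = {
    "sample_A": {"http_get_uri": "/api/v2/status", "user_agent": "Mozilla/5.0 (placeholder UA)",
                 "get_header": "Accept: */*", "spawnto": "C:\\placeholder\\host.exe", "sleep_ms": 60000},
    "sample_B": {"http_get_uri": "/api/v2/status", "user_agent": "Mozilla/5.0 (placeholder UA)",
                 "get_header": "Accept: */*", "spawnto": "C:\\placeholder\\other.exe", "sleep_ms": 30000},
    "sample_C": {"http_get_uri": "/updates/check", "user_agent": "curl/7.0 (placeholder)",
                 "get_header": "Accept: text/plain", "spawnto": "C:\\placeholder\\svc.exe", "sleep_ms": 60000},
}

# Fields worth pivoting on: an operator sets them in the profile, so a match is
# meaningful. sleep_ms is left out because common values collide across
# unrelated operators and would create false links.
PIVOT_FIELDS = ("http_get_uri", "user_agent", "get_header", "spawnto")


def shared_fields(a: Dict[str, object], b: Dict[str, object], fields=PIVOT_FIELDS) -> List[str]:
    """Names of the pivot fields on which two configs agree, for the analyst's report."""
    return [f for f in fields if f in a and a[f] == b.get(f)]


def overlap(a: Dict[str, object], b: Dict[str, object], fields=PIVOT_FIELDS) -> float:
    """Fraction of pivot fields shared between two configs (0.0 to 1.0)."""
    return len(shared_fields(a, b, fields)) / len(fields)


def cluster(configs: Dict[str, Dict[str, object]], threshold: float = 0.5) -> List[List[str]]:
    """Union-find over samples: two samples join a cluster when their overlap
    reaches the threshold. Returns sorted clusters of sample labels."""
    parent = {name: name for name in configs}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(configs, 2):
        if overlap(configs[a], configs[b]) >= threshold:
            parent[find(a)] = find(b)

    groups: Dict[str, List[str]] = {}
    for name in configs:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(members) for members in groups.values())


if __name__ == "__main__":
    for members in cluster(CONFIGS):
        print("cluster:", members)
    print("A/B share:", shared_fields(CONFIGS["sample_A"], CONFIGS["sample_B"]))
```

The threshold is the analyst's judgement call: a single shared user agent is weak evidence, while an identical HTTP GET URI, header set and spawn-to path together are the sort of overlap the article describes as tying campaigns to one operator.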

Hackers hide behind “mistakes”

The attackers did not vary the domains they used much across campaigns. The naming conventions were similar, for example replacing “i” with “l” or omitting a letter in a look-alike domain. These similarities, in turn, hinted at connections between the different campaigns.
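A defender can turn the same naming habits into a detection: compare observed domains against a watchlist after collapsing look-alike characters and allowing one dropped letter. This is an added example and not BlackBerry's tooling; the watchlist and the candidate domains are constructed placeholders under the reserved .example TLD, not real infrastructure.

```python
"""Flag look-alike domains: a watchlist domain with "i" swapped for "l" (or the
reverse) or with a single letter omitted.

Added example, not BlackBerry's code. WATCHLIST and the sample domains are
constructed placeholders, not real infrastructure."""

from typing import List, Optional, Tuple

# Constructed watchlist of domains an organisation wants to protect.
WATCHLIST = ["incometax.example", "covidinfo.example"]

# Characters that read alike in many fonts, mapped to one canonical form.
# The article names the i/l swap; the digit look-alikes are an assumption
# about the same class of substitution.
CANONICAL = str.maketrans({"l": "i", "1": "i", "0": "o"})


def registrable_label(domain: str) -> str:
    """Everything before the final label, lower-cased.
    Simplification: the last label is treated as the public suffix, so a
    multi-part suffix would need a proper suffix list."""
    return domain.lower().rstrip(".").rsplit(".", 1)[0]


def canonical(label: str) -> str:
    """Collapse look-alike characters so 'lncometax' compares equal to 'incometax'."""
    return label.translate(CANONICAL)


def omission_variants(label: str) -> set:
    """All strings obtained by deleting exactly one character from label."""
    return {label[:i] + label[i + 1:] for i in range(len(label))}


def classify(candidate: str, watchlist: List[str] = WATCHLIST) -> Optional[Tuple[str, str]]:
    """Return (verdict, matched watchlist domain), or None when unrelated.

    Verdicts: 'genuine' (exact match), 'homoglyph' (look-alike swap only),
    'omission' (one letter dropped, possibly combined with a swap)."""
    raw = registrable_label(candidate)
    cand = canonical(raw)
    for legit in watchlist:
        label = registrable_label(legit)
        if raw == label:
            return ("genuine", legit)
        if cand == canonical(label):
            return ("homoglyph", legit)
        if cand in {canonical(v) for v in omission_variants(label)}:
            return ("omission", legit)
    return None


def scan(candidates: List[str], watchlist: List[str] = WATCHLIST) -> List[Tuple[str, str, str]]:
    """Run classify over observed domains (e.g. from DNS or proxy logs) and
    return only the suspicious ones as (domain, verdict, mimicked domain)."""
    hits = []
    for domain in candidates:
        result = classify(domain, watchlist)
        if result and result[0] != "genuine":
            hits.append((domain, result[0], result[1]))
    return hits


if __name__ == "__main__":
    # Constructed sample of domains as they might appear in DNS logs.
    observed = ["incometax.example", "lncometax.example", "incomtax.example",
                "covldlnfo.example", "weather.example"]
    for hit in scan(observed):
        print(hit)
```

Feeding newly registered domains or outbound DNS queries through `scan` surfaces the i/l swaps and dropped letters the article describes before a user ever clicks the lure.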

The BlackBerry team found three phishing lures targeting Indian nationals that try to trick them into giving up their personal information. The attackers disguised the lures as government communications about taxes or COVID-19.

Phishing lures are among APT41’s favorite tools, but they typically go hand in hand with information stealers, keyloggers, and backdoors. Once on the user’s machine, the threat blends in by using a customized profile to shield its network traffic.

Dangerous PDFs

The gang hid three different phishing payloads in PDFs: one used a self-extracting archive, one a PowerShell script, and the last a ZIP file.

BlackBerry could not uncover additional infrastructure. Still, it noted that its findings link the campaign to others documented by Positive Technologies and Prevailion.

The BlackBerry team noted that APT41 is conducting new campaigns and will likely continue to do so.

Laurentiu Titei

Laurentiu, a creative content writer, has been producing articles about technology for more than 10 years. He is interested in all the security and internet news and his mainstream media background helps make them readable for all kinds of users. Moreover, he grows the appropriate social media channels for websites.
