A recent article warns of election related spear-phishing and malware infected emails.
In the wake of the 2016 United States Presidential Election, not even six hours after Donald Trump became the nation’s President-Elect, an advanced persistent threat (APT) group launched a series of coordinated and well-planned spear phishing campaigns.
These e-mails came from a mix of attacker created Google Gmail accounts and was appears to be compromised e-mail accounts at Harvard’s Faculty of Arts and Sciences (FAS). These e-mails were sent in large quantities to different individuals across many organizations and individuals focusing in national security, defense, international affairs, public policy, and European and Asian studies. Two of the attacks purported to be messages forwarded on from the Clinton Foundation giving insight and perhaps a postmortem analysis into the elections. Two of the other attacks purported to be eFax links or documents pertaining to the election’s outcome being revised or rigged. The last attack claimed to be a link to a PDF download on “Why American Elections Are Flawed.”
The post-election attacks launched by the Dukes on November 9 were very similar to previous attacks seen from the Dukes in both 2015 and 2016. The PowerDuke malware, first seen in August 2016, was once again used in these most recent attacks. Three of the five attack waves contained links to download files from domains that the attackers appear to have control over. The other two attack contained documents with a malicious macros embedded within them. Each of these different attack waves were slightly different from one another and are detailed below.
Attack Wave 1: eFax – The “Shocking” Truth About Election Rigging
Attack Wave 2: eFax – Elections Outcome Could Be revised [Facts of Elections Fraud]
Attack Wave 3: Why American Elections Are Flawed
More information can be found at: https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/