SecurityWeek

FCC Employees Targeted in Sophisticated Phishing Attacks

Advanced phishing kit employs novel tactics in attack targeting cryptocurrency platforms and FCC employees.

Federal Communications Commission (FCC) employees and cryptocurrency platforms have been targeted in mobile device phishing attacks employing a novel and advanced kit, cybersecurity firm Lookout warns.

Using the new kit, attackers create carbon copies of single sign-on (SSO) pages and use a combination of email, SMS and vishing (voice phishing) to trick victims into sharing their login credentials.

The same tactics have been used to obtain password reset URLs and photo IDs, with hundreds of individuals, mostly in the United States, already victimized.

FCC employees, Lookout reveals, were lured to a phishing page on fcc-okta[.]com, which mimics the legitimate FCC SSO page, where they were asked to complete a captcha using hCaptcha, creating the illusion of legitimacy.

Next, the victim was prompted to provide their username and password, and then asked to either wait, sign in, or provide a multi-factor authentication (MFA) token, based on a series of options the phishing page’s administrators could use in real time.

According to Lookout, an administrator monitoring the page could view the provided credentials in a table and was likely attempting to validate them by logging in on the legitimate page.

If additional information was needed, the administrator could then customize the phishing page accordingly, to obtain MFA codes or SMS-based tokens, the last digits of the victim’s phone number, and other details.

After attempting to sign in, the operator could then redirect the victim to any page, including the real sign-in portal, or to a custom page to keep the victim waiting, such as one telling “the victim that their account is under review and to try to log in later at a time specified by the operator,” Lookout explains.

Based on the identified references to cryptocurrency platforms and SSO services, the cybersecurity firm believes that the phishing kit can impersonate numerous brands, including pages targeting the employees and users of Binance and Coinbase.

“A high percentage of the credentials collected by these sites look like legitimate email addresses, passwords, OTP tokens, password reset URLs, photos of driver’s licenses and more. The sites seem to have successfully phished more than 100 victims, based on the logs observed,” Lookout notes.

While the FCC SSO page was taken down, most of the identified phishing sites continue to operate. Some of them have been active since November 2023, hosted by various providers, including Hostwinds, Hostinger, and RetnNet.

The attacks show similarities with the operations of a threat actor known as Scattered Spider, but Lookout believes that this phishing campaign is operated by a different, likely copycat group, based on differences in infrastructure and capabilities.
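
For defenders, the fcc-okta[.]com lookalike described above suggests a simple check over DNS or proxy logs: flag hosts whose registered name combines the organisation's name with an SSO keyword but is not a domain the organisation actually uses. The sketch below is an added example, not code from Lookout or SecurityWeek; the token lists, the allowlist, the log format and every sample line except the fcc-okta[.]com hostname are assumptions constructed for illustration.

```python
import re

# Assumptions for this sketch (not from the article): the brand tokens, the
# SSO-related tokens, and the allowlist of domains the organisation really uses.
BRAND_TOKENS = {"fcc"}
SSO_TOKENS = {"okta", "sso", "login", "auth"}
ALLOWED_DOMAINS = {"fcc.gov", "okta.com"}


def refang(host: str) -> str:
    """Normalise a hostname, undoing the [.] defanging used in reports."""
    return host.strip().lower().replace("[.]", ".").rstrip(".")


def registrable(host: str) -> str:
    """Last two labels; a simplification that ignores multi-label suffixes."""
    return ".".join(host.split(".")[-2:])


def is_sso_lookalike(host: str) -> bool:
    """True if the registered name mixes a brand token with an SSO token."""
    domain = registrable(refang(host))
    if domain in ALLOWED_DOMAINS:
        return False
    # Tokenise only the registered name's first label: "fcc-okta" -> {fcc, okta}
    tokens = set(re.split(r"[^a-z0-9]+", domain.split(".")[0]))
    return bool(tokens & BRAND_TOKENS) and bool(tokens & SSO_TOKENS)


def flag_queries(log_lines):
    """Return (client, host) pairs for lookalike hosts in 'ts client host' lines."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) == 3 and is_sso_lookalike(parts[2]):
            hits.append((parts[1], refang(parts[2])))
    return hits


# Constructed sample log; only the fcc-okta[.]com hostname comes from the article.
SAMPLE_LOG = [
    "2024-02-28T14:02:11Z 10.0.4.17 fcc.okta.com",
    "2024-02-28T14:02:40Z 10.0.4.22 fcc-okta[.]com",
    "2024-02-28T14:03:05Z 10.0.4.22 www.fcc.gov",
    "2024-02-28T14:03:09Z 10.0.4.31 okta-status.example.net",
]
```

Running `flag_queries(SAMPLE_LOG)` reports only the client that queried the lookalike; a production version would use a public-suffix list instead of the two-label shortcut.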

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
