SecurityWeek

Sophisticated Phishing Attacks Target Internet Freedom Activists

The Electronic Frontier Foundation (EFF) revealed on Wednesday that employees of Internet freedom NGOs “Free Press” and “Fight for the Future” have been targeted in sophisticated spear-phishing attacks.

The EFF is aware of nearly 70 attempts to steal the credentials of net neutrality activists between July 7 and August 8. The attacks, believed to be the work of a single entity, were designed to steal credentials associated with Google, Dropbox, LinkedIn and other online services.

At least one account was hijacked and abused to send out more phishing emails to other individuals within the victim organization. The EFF said the attacks did not involve any malware and it’s unclear what the attackers had hoped to accomplish once they obtained account credentials.

The attackers used various tricks to lure targeted individuals to their phishing pages. In some cases, they sent out fake LinkedIn notification messages that contained links to Gmail phishing sites. Other messages showed that the attackers had studied their targets – Fight For The Future Campaign Director Evan Greer was targeted via an email asking about her music, and another employee received malicious emails purporting to be from her husband.

The hackers also sent emails that appeared to notify users of comments on their YouTube videos, messages with clickbait headlines referencing net neutrality and tabloid topics, and fake subscriptions to adult websites.

The EFF has not attributed these attacks to a specific actor or country, but the organization did point out that the individuals behind the attacks appear to be working from an office, with Saturday and Sunday off, during working hours associated with the UTC+3 – UTC+5:30 timezones.

These timezones cover countries and regions such as Eastern Europe, Russia, part of the Middle East, and India. However, it’s worth noting that Saturday and Sunday are not weekend days in many Middle Eastern countries. The IP from which the one compromised account was accessed did not provide any clues as it was associated with a VPN service.
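The working-hours inference described above can be reproduced from message timestamps. The sketch below is an added example, not code from the EFF or SecurityWeek; the 09:00-18:00 office window, the 90% threshold, the year, and the sample timestamps are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

def to_local(timestamps_utc, offset_hours):
    """Shift UTC timestamps to a fixed UTC offset (fractional hours allowed)."""
    tz = timezone(timedelta(hours=offset_hours))
    return [t.astimezone(tz) for t in timestamps_utc]

def office_fraction(timestamps_utc, offset_hours, start=9, end=18):
    """Share of events landing Mon-Fri with start <= local time < end."""
    hits = sum(
        1 for t in to_local(timestamps_utc, offset_hours)
        if t.weekday() < 5 and start <= t.hour + t.minute / 60 < end
    )
    return hits / len(timestamps_utc)

def candidate_offsets(timestamps_utc, min_fraction=0.9):
    """UTC offsets, in half-hour steps from -12 to +14, that fit office hours."""
    offsets = [half / 2 for half in range(-24, 29)]
    return [o for o in offsets
            if office_fraction(timestamps_utc, o) >= min_fraction]

def weekday_counts(timestamps_utc, offset_hours):
    """Events per local weekday; idle days hint at the sender's weekend."""
    seen = Counter(DAYS[t.weekday()] for t in to_local(timestamps_utc, offset_hours))
    return {day: seen.get(day, 0) for day in DAYS}

def build_sample():
    """Constructed data: three sends (06:00, 09:00, 12:00 UTC) on each
    weekday from July 7 to August 8; the year 2017 is an assumption."""
    events, day = [], datetime(2017, 7, 7, tzinfo=timezone.utc)
    while day <= datetime(2017, 8, 8, tzinfo=timezone.utc):
        if day.weekday() < 5:
            events += [day.replace(hour=h) for h in (6, 9, 12)]
        day += timedelta(days=1)
    return events

SAMPLE = build_sample()

if __name__ == "__main__":
    print("offsets consistent with office hours:", candidate_offsets(SAMPLE))
    print("sends per weekday at UTC+3:", weekday_counts(SAMPLE, 3))
```

The result is a band of offsets rather than a single timezone, and the per-weekday counts show which days are idle, which is the evidence the weekend caveat above rests on.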

“The sophistication of the targeting, the accuracy of the credential phishing pages, the working hours, and the persistent nature of the attacks seem to indicate that the attackers are professionals and had a budget for this campaign,” the EFF’s Eva Galperin and Cooper Quintin said in a blog post.

However, the EFF does not believe the campaign has been carried out by a nation-state actor.

“Although this phishing campaign does not appear to have been carried out by a nation-state actor and does not involve malware, it serves as an important reminder that civil society is under attack. It is important for all activists, including those working on digital civil liberties issues in the United States, to be aware that they may be targeted by persistent actors who are well-informed about their targets’ personal and professional connections,” the EFF said.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.