Ongoing Credential Harvesting Campaign Targets Government Agencies in APAC

Share It On:

24th September 2021, Kathmandu

Ongoing Credential Harvesting Campaign Targets Government Agencies in APAC, EMEA

Security researchers found an issue of credential harvesting campaigns targeting government agencies across seven countries in the Asia-Pacific (APAC), Europe, and the Middle East and Africa (EMEA) regions. Since the beginning of 2020 the campaign has been active, security researchers discovered at threat intelligence firm Cyjax.

Credential harvesting is a method of collecting compromised user credentials like usernames and passwords. Attackers use various phishing techniques to collect user credentials and misuse them for their advantage.

Researchers discovered different phishing pages, hostnames, and domains targeting national agencies in Kyrgyzstan, Georgia, Turkmenistan, Ukraine, Pakistan, Belarus, and Uzbekistan. 50 hostnames were analyzed, most of them impersonated the Ministry of Foreign Affairs, Ministry of Finance, and Ministry of Energy from Uzbekistan, Belarus, and Turkey.

Major departments targeted in the credential harvesting campaign include:

  • Information Technology (9.6%)
  • Telecom (3.8%)
  • Agriculture (1.9%)
  • Legal (5.8%)
  • Real Estate (3.8%)
  • Water (5.8%)
  • Education (3.8%)
  • Energy (1.9%)
  • Finance (9.6%)
  • Media (3.8%)
  • Transportation (5.8%)
  • Military (5.8%)
  • Foreign Affairs (21.2%)

Attackers spread credential harvesting pages posed as mail server login portals for different government departments. Phishing domains in this campaign began with mail with the real domain of the targeted government agency. Fake domain names using Tucows, PublicDomainRegistry, OVH SAS, or VDSINA were created by Attackers.

‘’The main targeted system was email portals of the government departments, potentially of an intelligence collecting campaign. The main target was to access the government ministries, particularly the Ministry of Foreign Affairs.  The attackers used a number of phishing pages on the targets of Belarus, Ukraine, and Uzbekistan’’ Cyjax said.

Believed to be an APT Campaign

The threat actors of the campaign are unknown, Cyjax linked the ongoing phishing campaign to the state-sponsored APT actors.

‘’ The activities suggest that this could be the work of an advanced persistent threat (APT) working on the behalf of a nation-state. This could be a cybercriminal campaign to serve as an access broker on underground forums, many of the countries targeted are Russian satellites or Russia itself. Due to absence of immediate financial benefit and narrow targeting, therefore, we believe this activity is more aligned to a state-sponsored APT campaign.’’ Cyjax added.


Share It On:

Recent Posts

NRB’s NPR 6.8 Billion Investment: Strengthening Nepal’s Financial Future and Banking Stability

NRB’s NPR 6.8 Billion Investment: Strengthening Nepal’s Financial Future and

Share It On:23rd November 2024, Kathmandu Nepal’s Central Bank, Nepal Rastra Bank (NRB), has announced a significant investment of NPR

Nepal’s ADB Prioritizes Farmers’ Welfare for Economic Growth and Agricultural Development

Nepal’s ADB Prioritizes Farmers’ Welfare for Economic Growth and Agricultural

Share It On: 23rd November 2024, Kathmandu The Agricultural Development Bank (ADB) is recognized as a vital institution for Nepal’s

Ridi Power’s 23rd AGM Concludes: Key Decisions, Investments, and Future Outlook

Ridi Power’s 23rd AGM Concludes: Key Decisions, Investments, and Future

Share It On: 23rd November 2024, Kathmandu Ridi Power Company Limited wrapped up its annual shareholder meeting, the 23rd Annual

Nepal Oman Financial Ties Strengthen: Omani Rial Now Legal Tender In Nepal

Nepal Oman Financial Ties Strengthen: Omani Rial Now Legal Tender

Share It On: 22nd November 2024, Kathmandu A significant step has been taken towards strengthening financial ties between Nepal and

Liberty Energy Rights Shares Offering: Eligibility, Application Process, and Future Plans

Liberty Energy Rights Shares Offering: Eligibility, Application Process, and Future

Share It On:22nd November 2024, Kathmandu Liberty Energy Company Limited is gearing up to issue rights shares starting December 1,

Asha Laghubitta’s 8th AGM 2024: Key Decisions and Future Plans

Asha Laghubitta’s 8th AGM 2024: Key Decisions and Future Plans

Share It On:22nd November 2024, Kathmandu Asha Laghubitta Bittiya Sanstha is holding its 8th Annual General Meeting (AGM) today, November