CloudSEK researchers have identified an extensive phishing campaign in which threat actors (TA) were impersonating the Ministry of Human Resources of the UAE government.
Spotted through the company’s artificial intelligence (AI) digital risk monitoring platform XVigil, the new threat would target various government and corporate entities across the finance, travel, hospital, legal, oil and gas and consultation industries.
“The actors created a fake website […] that resembles the legitimate domain […] to defraud users,” CloudSEK wrote in an advisory.
“Upon observing the pattern of the email address used to register the domains, domain name, and hosting infrastructure, it can be inferred that a single threat actor or a threat actor group owns all these phishing domains and websites,” CloudSEK said.
Further investigation of the email address also led to the discovery of 43 domains that shared the same registrant information.
“During the course of our investigation into the fake domain, CloudSEK researchers discovered various other domains on the Open Source Internet (OSINT) that were reported on websites […] as scams, targeting job seekers.”
According to the security experts, the above phishing projects could also be utilized by other threat actors to target specific users and steal their passwords, documents, crypto wallets and other sensitive information.
To mitigate the impact of these attacks, CloudSEK said companies and individuals should avoid downloading suspicious documents from unknown sources or clicking on suspicious links.
Further, the company said the visibility of file extensions should be enabled (on Windows systems) to spot files with unknown file extensions before downloading them.
Finally, CloudSEK concluded that both multi-factor authentication (MFA) and the use of up-to-date antivirus and anomaly detection tools could also help reduce the impact of these advanced phishing scams.