RESTON, Va., Feb. 5, 2022 /PRNewswire-PRWeb/ — Silent Push, a detection-focused threat intelligence solution focused on identifying and nullifying threats before they launch, released a blog post today outlining an ongoing “fake bid” phishing campaign that is targeting US government contractors. https://www.silentpush.com/blog/phishing-infrastructure-used-to-target-us-government-contractors
The company identified a long list of targeted government contractors and live phishing sites trying to collect their credentials. This campaign appears to have been ongoing for some time and is representative of an ongoing tactic of attacking the supply chain used by multiple adversaries in recent years.
The attacker had a list of companies to target and then had set up fake government department procurement landing pages depending on what they would be bidding for. It is not clear how much this aligns with the real world alignment of contracts. Do these targeted companies already have contracts with those departments?
The lure was sent via email and then the victim, if they clicked on the link would be taken to the fake government procurement landing page. Once they had clicked through an “invitation for bid” pop up there was a clear “click here to bid” button which would lead to a data collection form for the users email address and password.
“From this point on we can only speculate what the attackers did with the gathered credentials, if they were successful,” said Ken Bagnall from Silent Push.
Silent Push has released all related indicators to their customers through their live threat feeds.
Contact [email protected] for general inquiries.
About Silent Push
Silent Push provides predictive Cyber Threat Intelligence, with the goal of identifying threats proactively. Silent Push conducts billions of daily look ups and applies deep analysis providing you with enriched, comprehensive data sources to proactively protect against emerging threats.
For more information, visit http://www.silentpush.com.
PR Department, Silent Push Inc, +1 3144511834, [email protected]
SOURCE Silent Push Inc