Terror alert spam detected by Symantec in the wild

Cybercriminals impersonate law enforcement officials in Dubai, Bahrain, Turkey, and Canada to send terror alert spam and serve RATs.

No doubt, cybercriminals are jackals always ready to exploit any event in the headlines, even the most dramatic incidents. We have seen many cases in the past in which crooks exploited the media attention on news events, such as the mysterious skyjacking of Malaysia Airlines flight MH370 or the incident involving AirAsia flight QZ8501.

The news of the day is that people in several countries, including Canada, Dubai, Bahrain and Turkey, have received fake “terror alert” emails. According to Symantec, the bogus notifications urge recipients to keep themselves, their families and their companies secure from an imminent attack.

The campaign relies on malicious emails carrying two attachments which, according to the message body, contain a brief on the measures to adopt to stay safe. One attachment is in fact a document listing those measures; the other is the malware used to infect the victim’s computer.

The malicious code is a multiplatform remote access Trojan (RAT) dubbed Jsocket (Backdoor.Sockrat), developed by the same authors as the AlienSpy RAT.

The operators behind the campaign signed the messages with the names of local law enforcement officials to make them more credible and trick the victims.

“Earlier this month, Symantec observed malicious emails spoofing the email address of one United Arab Emirates (UAE) law enforcement agency, particularly the Dubai Police Force. These spear-phishing emails, which read like a warning from the Dubai Police, bank on users’ fear of terror attacks to trick them into executing the malicious attachments. The attachments are disguised as valuable security tips that could help recipients to protect themselves, as well as their companies and their families, from potential terror attacks that may occur in their business location.” states Symantec in a blog post.

“To add more credibility to the emails, the crooks impersonate the incumbent Dubai Police lieutenant general, who is also the head of general security for the emirate of Dubai, by signing the email with his name.”

The experts noticed that the spear-phishing messages were well written and that all the officials used as alleged senders are currently in office.

Another element of interest highlighted by Symantec is the effort the threat actors put into targeting their victims: in most cases the subject line contains the name of an employee who works for the targeted company, which leads the experts to believe that the attackers have specific knowledge of their victims.
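As an added example (not from the article or Symantec’s report), the Python routine below scores a raw email against the traits described above: a Return-Path that disagrees with the spoofed law-enforcement From address, a fear-based subject that names the recipient, and a decoy document paired with an executable attachment. The sample message, its domains and file names are constructed, and treating a .jar as the RAT carrier is an assumption.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Extensions that never belong in "security tips"; .jar assumes a Java RAT.
PAYLOAD_EXTS = {".exe", ".jar", ".scr", ".js", ".vbs", ".bat", ".cmd"}
LURE_TERMS = ("terror", "imminent attack", "security tips", "alert")

def _domain(header):
    # Lower-cased domain of an address header value, '' if absent.
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the campaign traits found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    found = []
    from_dom, path_dom = _domain(msg["From"]), _domain(msg["Return-Path"])
    if from_dom and path_dom and from_dom != path_dom:
        found.append("spoofed-sender")     # bounce path disagrees with From
    subject = str(msg["Subject"] or "").lower()
    if any(term in subject for term in LURE_TERMS):
        found.append("fear-lure")
    # Subject naming the recipient: jane.doe@... -> tokens "jane", "doe".
    local = parseaddr(str(msg["To"] or ""))[1].partition("@")[0].lower()
    if local and all(tok in subject for tok in local.split(".")):
        found.append("targeted-subject")
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    exts = {"." + n.rsplit(".", 1)[-1].lower() for n in names if "." in n}
    if exts & PAYLOAD_EXTS:
        found.append("decoy-plus-payload" if len(names) > 1 else "payload")
    return found

# Constructed sample message; every address and file name here is made up.
SAMPLE = """\
Return-Path: <bounce@mailer-constructed.example>
From: "Dubai Police" <alerts@police-constructed.example>
To: jane.doe@company-constructed.example
Subject: Terror alert: security tips for Jane Doe
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/pdf; name="measures.pdf"
Content-Disposition: attachment; filename="measures.pdf"

--b1
Content-Type: application/octet-stream; name="security_tips.jar"
Content-Disposition: attachment; filename="security_tips.jar"

not-a-real-archive
--b1--
"""
```

Running `triage(SAMPLE)` returns all four traits; a mail that trips only one of them still deserves a look, but the full combination is what makes this campaign stand out.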

Symantec’s experts expect that we may yet see more of these kinds of social engineering tactics preying on real-world fears, so be careful!

Pierluigi Paganini

(Security Affairs – spear phishing, Terror-alert spam)
