Hackers spoof the U.S. Postal Service to trap victims

After making the rounds in Europe, a new phishing campaign has arrived in the United States, and the attackers behind it are impersonating the U.S. Postal Service with the aim of infecting users’ computers with a banking Trojan, according to new research from Proofpoint.

In November, researchers from the cybersecurity company observed thousands of emails attempting to deliver malicious Microsoft Word attachments in the United States. These emails impersonated messages from the U.S. Postal Service as part of a campaign to infect computers with the IcedID banking Trojan.

IcedID was first discovered by IBM’s X-Force research division, and the banking Trojan generally targets banks, payment card providers and financial institutions in an effort to steal users’ authentication information.

However, the campaign observed by Proofpoint was not aimed at financial companies and instead went after companies in the healthcare industry. The phishing emails used in the campaign included a malicious Word document that, when opened, triggers a Microsoft Office macro that starts a PowerShell script to download and install IcedID on the user’s computer.


While the United States is the current target of the campaign, according to Proofpoint the same threat actor was observed targeting companies in Germany by impersonating the Federal Ministry of Finance. The attackers behind the campaign also used Cobalt Strike, a commercially available penetration-testing tool, to deliver their malicious payloads.

To track down the origin of the malware, researchers at the company analyzed over 5 billion email messages daily, millions of social media posts and more than 250m malicious samples.

Proofpoint analyzed a number of characteristics, including the infrastructure, lure styles and macro code, to identify and analyze the campaign activity in the United States. The company found that the activity does not match any existing threat actor, which suggests that a new group is probably behind the campaign.

Threat intelligence lead at Proofpoint, Christopher Dawson, provided further details about the group and their malicious activities, namely:

“Although these campaigns are small in volume, they are significant for their abuse of trusted brands, including public authorities, and for their relatively quick expansion to multiple locations. To date, the group appears to have targeted organizations in Germany, Italy and, most recently, the United States, delivering geotargeted payloads with lures in the local languages. We are watching this new actor, given its apparent global aspirations, well-crafted social engineering and steadily growing scale.”

On TechRepublic

Released on Fri, 15 Nov 2019 23:42:22 +0000
