TLP: CLEAR
Recipients can spread this to the world, there is no limit on disclosure. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction.
http://www.us-cert.gov/tlp/
Summary: Cybersecurity firm Cofense released a new report (weblink below) identifying a campaign that began in May targeting a wide array of industries. The hackers sent thousands of emails containing malicious QR codes to companies; scanning a code took users to a Microsoft credential phishing page. While unable to attribute the campaign to a specific threat actor, the report’s author did find similarities to a previous campaign that used tools from companies in Russia. The researchers noted that QR codes have not typically been used by hackers at this scale, but threat actors may be testing the method because it is more effective than the traditional links embedded in most phishing emails. The malicious actors also wrapped the phishing links in redirects, so that when victims scan the QR code with their camera, the link that appears looks legitimate.
Cofense Report: hxxps://cofense[.]com/blog/major-energy-company-targeted-in-large-qr-code-campaign/
NYSIC CAU Analyst Note: About 29% of the observed phishing emails targeted a major United States-based energy company, and the energy sector in general was a major focus of the campaign. The other top four targeted industries were manufacturing, insurance, technology, and finance. Most phishing links used Bing redirect URLs. Other notable domains include ones associated with the Salesforce application and Cloudflare’s Web3 services.
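The redirect wrapping described in the summary and the Bing redirect URLs noted above, as an added triage example that is not part of this advisory or of Cofense's report: given the URL decoded from a QR code, it unwraps one hop of a known redirector offline (no network request) and flags payloads whose visible host differs from the real destination, which is the signal an analyst or mail filter wants. The Bing click-link encoding (a `u` parameter carrying `a1` followed by the base64url destination), the redirector table and every sample URL are assumptions constructed for this example, not values taken from the report.

```python
import base64
from urllib.parse import urlparse, parse_qs, unquote

# Hosts that appear as the visible link, mapped to the query parameter that
# carries the real destination. Assumption (not from the report): Bing click
# links encode the target in `u` as "a1" + base64url.
KNOWN_REDIRECTORS = {"www.bing.com": "u", "bing.com": "u"}


def _decode_param(value):
    """Return the URL hidden in a redirect parameter value, or None."""
    if value.startswith("a1"):  # Bing-style encoding (assumed format)
        payload = value[2:]
        payload += "=" * (-len(payload) % 4)  # restore stripped padding
        try:
            decoded = base64.urlsafe_b64decode(payload).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return None
        return decoded if decoded.startswith(("http://", "https://")) else None
    plain = unquote(value)  # plain or percent-encoded URL
    return plain if plain.startswith(("http://", "https://")) else None


def resolve_redirect(url):
    """Unwrap one hop of a known redirector without touching the network."""
    parsed = urlparse(url)
    param = KNOWN_REDIRECTORS.get(parsed.netloc.lower())
    if param is None:
        return None
    for candidate in parse_qs(parsed.query).get(param, []):
        target = _decode_param(candidate)
        if target:
            return target
    return None


def triage_qr_url(url):
    """Classify a decoded QR payload for analyst review.

    Returns the visible host, the real destination (after unwrapping a known
    redirector) and a flag set when the two hosts differ.
    """
    destination = resolve_redirect(url) or url
    visible_host = urlparse(url).netloc.lower()
    destination_host = urlparse(destination).netloc.lower()
    return {
        "visible_host": visible_host,
        "destination": destination,
        "destination_host": destination_host,
        "hidden_redirect": destination_host != visible_host,
    }


# Constructed sample payloads (not from the report): a Bing click link that
# wraps a lookalike login page, and a plain direct link for contrast.
_LOOKALIKE = b"https://login.example-lookalike.test/auth"
SAMPLE_QR_PAYLOADS = [
    "https://www.bing.com/ck/a?!&&p=deadbeef&u=a1"
    + base64.urlsafe_b64encode(_LOOKALIKE).decode().rstrip("="),
    "https://intranet.example.test/benefits",
]

if __name__ == "__main__":
    for payload in SAMPLE_QR_PAYLOADS:
        print(triage_qr_url(payload))
```

Because the resolution is done by parsing rather than by following the link, the check is safe to run on every decoded QR payload in a mail stream; a `hidden_redirect` flag is a triage cue, not proof of malice, since legitimate mail also passes through tracking redirectors.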
Sources:
hxxps://www.bleepingcomputer[.]com/news/security/major-us-energy-org-targeted-in-qr-code-phishing-attack/
hxxps://securityaffairs[.]com/149567/hacking/phishing-campaign-qr-codes.html
hxxps://securityboulevard[.]com/2023/08/major-energy-company-targeted-in-large-qr-code-campaign/
This information has been disseminated to:
NYSIC CAU Contacts – OCT-CIP
NYSIC CAU Contacts – ITS EISO
NYSIC CAU Contacts – Cyber Partners Working Group (CPWG)
NYSIC CAU Contacts – Critical Infrastructure: All
NYSIC CAU Contacts – SLTT
For more information, please contact the NYSIC Cyber Analysis Unit at (518) 786-2191 or CAU@nysic.ny.gov.