Security Intelligence -
On March 29, the FBI warned of an ongoing and widespread phishing campaign targeting U.S. election officials. Using false invoice inquiries and breached email accounts, attackers have attempted to steal officials’ login credentials in at least nine states since October 2021.
“If successful, this activity may provide cyber actors with sustained, undetected access to a victim’s systems,” the FBI said in a Private Industry Notification.
Invoice-Themed Phishing Scam
On October 5, 2021, unidentified threat actors sent phishing emails targeting U.S. election officials and representatives of the National Association of Secretaries of State (NASS). These emails came from at least two separate email addresses. Attached to the emails was a file titled INVOICE INQUIRY.PDF. The malicious files sent the email recipients to a credential-harvesting website. One of the phishing email addresses was found to be a compromised U.S. government official’s email account.
Similar incidents occurred on October 18 and 19 using email addresses supposedly from private U.S. businesses. These