On Tuesday, the US Federal Bureau of Investigation (FBI) released a warning that US election officials have been targeted, since at least October 2021, in an ongoing and widespread phishing campaign by unidentified malicious actors attempting to steal their credentials.
The FBI revealed that the hackers used various methods to redirect their targets to phishing pages and trick them into entering their login credentials. Reportedly, the hackers used compromised email addresses of US government leaders to spoof US businesses.
"If successful, this activity may provide cyber actors with sustained, undetected access to a victim's systems," the FBI said in a private industry notification.
"…As of October 2021, US election officials in at least nine states received invoice-themed phishing emails containing links to websites intended to steal login credentials."
According to FBI intelligence, the threat actors targeted the officials in three separate "coordinated" phishing attacks and breached accounts of elected officials across at least nine states. Additionally, representatives of the National Association of Secretaries of State were impacted in October.
The first attack came to light on 5 October, when unidentified hackers used two email addresses, one from the compromised account of a government official, in an attempt to steal the login data of elected leaders. Less than two weeks later, two identical phishing attacks were seen from email addresses linked to US businesses.
In each phishing attack, the attackers sent an email identified as "INVOICE INQUIRY.PDF," which, once opened, redirected users to a credential-harvesting website.
Following the incident, the FBI and the US federal law enforcement agency said that the threat “is still very real” heading into the 2022 election season. The hackers behind this phishing campaign will likely continue the attacks against US election officials with new phishing emails as the 2022 midterm elections approach.
The threat intelligence notification asked network defenders to educate officials on how to identify phishing, social engineering, and spoofing attempts and how to protect their systems against such common threats.