Covid-19 related Phishing Attack Campaign against Indian Individuals

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory regarding a phishing attack campaign planned on a large scale against Indian individuals and businesses.

The phishing campaign is expected to use malicious emails under the pretext of local authorities in charge of dispensing government-funded Covid-19 support initiatives. Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information.

The phishing emails are expected to come from addresses such as “[email protected]”, and the attack campaign is expected to start on 21st June 2020.

Phishing Theme

The attackers claim to have 2M individual email IDs. The plan is to send emails offering free COVID-19 testing to all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad, inciting them to provide personal information. Please see the email evidence below.

General Precautions:

  • Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. If a URL appears genuine, close the e-mail and go to the organization’s website directly through the browser.
  • Use Pretty Good Privacy (PGP) for mail communications. Additionally, advise users to protect sensitive documents stored on internet-facing machines to avoid potential leakage.
  • Exercise caution when opening e-mail attachments, even if the attachment is expected and the sender appears to be known.
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its “true file type” (i.e. the extension matches the file header). Suspected file types are “exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf”.
  • Beware of phishing domains, spelling errors in emails and websites, and unfamiliar email senders.
  • Check the integrity of URLs before providing login credentials or clicking a link.
  • Do not submit personal information to unknown and unfamiliar websites.
  • Beware of clicking on phishing URLs that promise special offers such as prizes, rewards or cashback.
  • Consider using Safe Browsing tools and keep your antivirus updated.
  • Back up your sensitive data on a regular basis.
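One way to implement the “true file type” check from the attachment precaution above, as an added example that is not part of the advisory: it compares the claimed extension against the file’s magic bytes and flags the extensions the advisory lists. The magic-byte table, the extension-to-container map and the sample filenames are constructed assumptions for the demo, not data from the advisory.

```python
# Attachment triage: does the claimed extension match the file header?
# Extensions the advisory flags as suspicious in attachments.
SUSPICIOUS_EXTENSIONS = set(
    "exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf".split("|")
)

# Assumed magic-byte signatures (small subset, enough for the demo).
MAGIC = [
    (b"MZ", "pe"),                                  # Windows PE: exe, dll, scr, pif
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),   # legacy Office .doc/.xls
    (b"PK\x03\x04", "zip"),                         # OOXML .docx/.xlsx, zip
    (b"%PDF", "pdf"),
    (b"{\\rtf", "rtf"),
]

# Assumed map: which detected container is legitimate for a claimed extension.
EXPECTED = {
    "doc": {"ole", "rtf"}, "xls": {"ole"}, "docx": {"zip"}, "xlsx": {"zip"},
    "pdf": {"pdf"}, "exe": {"pe"}, "dll": {"pe"}, "scr": {"pe"}, "pif": {"pe"},
}


def detect_type(data: bytes) -> str:
    """Return the container type implied by the leading bytes, or 'unknown'."""
    for signature, name in MAGIC:
        if data.startswith(signature):
            return name
    return "unknown"


def assess_attachment(filename: str, data: bytes) -> dict:
    """Flag an attachment whose extension is on the list or whose header disagrees."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    detected = detect_type(data)
    reasons = []
    if ext in SUSPICIOUS_EXTENSIONS:
        reasons.append(f"extension .{ext} is on the suspicious list")
    # Only a recognised header that contradicts the extension is a mismatch;
    # 'unknown' is left to a full scanner rather than guessed at here.
    if ext in EXPECTED and detected != "unknown" and detected not in EXPECTED[ext]:
        reasons.append(f"header indicates {detected!r}, which is not a valid .{ext}")
    return {"extension": ext, "detected": detected,
            "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    # Constructed samples: a PE disguised as a Word document, and a real OOXML file.
    print(assess_attachment("covid_test_form.doc", b"MZ\x90\x00" + b"\x00" * 16))
    print(assess_attachment("covid_test_form.docx", b"PK\x03\x04" + b"\x00" * 16))
```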

Indicators of compromise

Email ID:
[email protected]
Domains:
userimage8.360doc[.]com
image91.360doc[.]com
welcome.toutiao[.]com
