Spear-phishing campaign targets gov addresses taken in Stratfor hack

The other shoe from the Christmas weekend hack of the intelligence analysis company Strategic Forecasting is dropping, in the form of spear-phishing e-mails to government users that appear to come from the company.

The hacker group Anonymous broke into the network of the company, which does security-related intelligence reports for clients such as the Defense Department and contractor Lockheed Martin, and stole information on thousands of accounts, including e-mail addresses and credit card numbers, and posted it online.

Shortly after the hack, the Army warned users of its Army Knowledge Online portal about the possibility of identity theft, advising them to monitor their credit cards and change their passwords.

Related stories:

Anonymous hack of intell company Stratfor was all too easy

Army warns of ID theft from Stratfor hack

Now, Stratfor is warning subscribers that phishers are using those e-mail addresses to send spam that appears to be from the company.

“These spam e-mails may contain malware and attachments, and may attempt to lead you to websites that look like our own,” Stratfor CEO George Friedman wrote on a page dedicated to updates about the incident. “They may also attempt to convince you to provide your private information.”
Stratfor was implementing a temporary no-link policy for its e-mail as a precaution against phishing, Friedman wrote, so if subscribers get an e-mail ostensibly from the company that contains a link, they can assume it’s malicious.

Researchers with Microsoft Malware Protection Center said the phishing e-mails going to Stratfor subscribers display the Stratfor letterhead and contain an attached PDF file titled "stratfor.pdf," which, when opened, urges the reader to download a supposed antivirus program to scan for the fictional "Win32Azee virus."

Microsoft’s researcher noted that the download link in the e-mail appears to be legitimate at first glance but on closer inspection turns out to be to a URL in Turkey (Stratfor is based in Texas).

Another tipoff to users is that the message on the PDF, in an old, manual-typewriter font, appears to be written by someone for whom English is not their first language.

The letter begins with “Dear Stratfor Reader,” and continues, “our data systems were breached and leak of data is highly possible. That is why we strongly discourage you to open e-mails and attachments from doubtful senders and urge you to check all e-mails and attachments with antivirus.”

The letter then says, “We also warn you about the distribution of harmful software through out website!” before recommending that they download the supposed antivirus program.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected