Spear-phishers change their bait to lure high-level feds

When the fish are biting, grab some more bait and throw your hook back into the water.

Attackers targeting high-level federal employees, military leaders and foreign leaders are luring their catches with an e-mail that purports to be from the Center for a New American Security (CNAS), a think tank that has sent a couple of its employees to senior positions in the Obama administration, writes Threatpost’s Paul Roberts.

The initial analysis points to China — again — which would mark the second elaborate phishing attack blamed on the country this summer, Roberts writes.

This new strategy follows a spear phishing attack that Google exposed in June and attributed to Chinese hackers. In that incident, the attackers gained access to officials’ Gmail accounts to monitor their e-mail messages and mess with users’ settings. The sneaky phishing campaign even infiltrated the account of a Cabinet-level official.

The latest phishing attack cashes in on CNAS’ good name with a subject line tied to the organization’s recent report on the detrimental effect of declining satellite capabilities, Roberts writes. Researcher Mila Parkour reported the phishing campaign on the “Contagio” blog and notified Google, Roberts adds.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected