Export Compliance Daily is a Warren News publication.

EFF Warns of New Spear Phishing Campaign Masquerading as EFF

A domain masquerading as an official Electronic Frontier Foundation site has been tricking users into a false sense of trust and has been used in a spear phishing attack, or emails that appear to be from a familiar individual or business, wrote EFF Staff Technologist Cooper Quintin in a blog post Thursday. The domain, ElectronicFrontierFoundation.org, was registered Aug. 4, and it’s suspected of the phishing attacks that began that same day, Quintin said. The domain “seems to be part of a larger campaign, known as ‘Pawn Storm’” that began a little more than a month ago and is thought to be associated with the Russian government, Quintin said. The domain has been reported for abuse, but was still active when Quintin wrote his blog. As part of the phishing attack, an attacker "sends the target a spear phishing email containing a link to a unique URL on the malicious domain (in this case electronicfrontierfoundation.org)," Quintin said. When the user visits the URL, they are redirected to another unique URL that contains a "Java applet which exploits a vulnerable version of Java," he said. "Once the URL is used and the Java payload is received, the URL is disabled and will no longer deliver malware (presumably to make life harder for malware analysts)," Quintin said. "The attacker, now able to run any code on the user's machine due to the Java exploit, downloads a second payload, which is a binary program to be executed on the target's computer."