Wed | Jun 2, 2021 | 2:26 PM PDT

The U.S. Department of Justice recently announced the seizure of two command and control (C2) and malware distribution domain names that were used in a spear-phishing campaign pretending to be the U.S. Agency for International Development (USAID).

This campaign was the focus of Microsoft's security alert on May 27, New sophisticated email-based attack from Nobelium, as well as the joint cybersecurity advisory from the FBI and CISA.

Nobelium, also tracked as APT29 or Cozy Bear, is the Russian state-sponsored threat actor behind the SolarWinds supply-chain compromise, which affected thousands of organizations in the public and private sectors around the world.

Nobelium domain names seized by DOJ

Phishing remains one of the most reliable ways for an attacker to gain a foothold in an organization's network. In a campaign like this one, a single click on a malicious link is enough to pull down a loader and hand the attacker a persistent beacon inside the victim's environment.

Here is how the DOJ describes the recent phishing campaign:

"On or about May 25, malicious actors commenced a wide-scale spear-phishing campaign leveraging a compromised USAID account at an identified mass email marketing company. Specifically, the compromised account was used to send spear-phishing emails, purporting to be from USAID email accounts and containing a 'special alert,' to thousands of email accounts at over one hundred entities.

Upon a recipient clicking on a spear-phishing email's hyperlink, the victim computer was directed to download malware from a sub-domain of theyardservice[.]com. Using that initial foothold, the actors then downloaded the Cobalt Strike tool to maintain persistent presence and possibly deploy additional tools or malware to the victim’s network. The actors' instance of the Cobalt Strike tool received C2 communications via other subdomains of theyardservice[.]com, as well as the domain worldhomeoutlet[.]com. It was those two domains that the Department seized pursuant to the court's seizure order."
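The DOJ description above gives defenders two concrete indicators: any sub-domain of theyardservice[.]com and the domain worldhomeoutlet[.]com. The script below, an added example that is not part of the DOJ statement or the original article, shows how to sweep DNS query logs for those indicators correctly: it re-fangs the bracketed notation and matches on label boundaries, so lookalikes such as nottheyardservice.com or theyardservice.com.example.net do not produce false positives while real sub-domains still match. The log format and every log line are constructed for the example and are not real telemetry.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Domains named in the DOJ seizure announcement, in the defanged form used in
# reporting. Sub-domains of theyardservice[.]com were also used, so matching
# must cover any label beneath these apexes.
SEIZED_DOMAINS_DEFANGED = ["theyardservice[.]com", "worldhomeoutlet[.]com"]


def refang(indicator: str) -> str:
    """Turn a defanged domain (x[.]y, hxxp://, [dot]) into a plain lower-cased domain."""
    d = indicator.strip().lower()
    d = re.sub(r"^hxxps?://", "", d)
    d = d.replace("[.]", ".").replace("(.)", ".").replace("[dot]", ".")
    return d.rstrip(".")


def matches_seized(fqdn: str, seized: Iterable[str]) -> Optional[str]:
    """Return the seized apex that fqdn equals or sits beneath, else None.

    Suffix matching is done on a label boundary ('.' + apex), so
    'nottheyardservice.com' and 'theyardservice.com.example.net' are rejected
    while 'cdn.theyardservice.com' is accepted.
    """
    host = fqdn.strip().lower().rstrip(".")
    for apex in seized:
        if host == apex or host.endswith("." + apex):
            return apex
    return None


# Constructed sample lines in a simplified DNS-query log format:
# "<timestamp> <client-ip> <query-name>". Assumed format, not real telemetry.
SAMPLE_DNS_LOG = """\
2021-05-25T14:01:09Z 10.20.1.15 cdn.theyardservice.com
2021-05-25T14:01:11Z 10.20.1.15 update.microsoft.com
2021-05-25T14:03:40Z 10.20.1.22 worldhomeoutlet.com
2021-05-25T14:03:52Z 10.20.1.22 nottheyardservice.com
2021-05-25T14:04:01Z 10.20.1.30 theyardservice.com.example.net
2021-05-25T14:05:13Z 10.20.1.15 static.theyardservice.com.
"""


def find_c2_lookups(log_text: str,
                    seized_defanged: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (client_ip, queried_name, matched_apex) for every hit in the log."""
    seized = [refang(d) for d in seized_defanged]
    hits: List[Tuple[str, str, str]] = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:           # skip malformed lines instead of crashing
            continue
        _ts, client, qname = parts
        apex = matches_seized(qname, seized)
        if apex is not None:
            hits.append((client, qname.rstrip(".").lower(), apex))
    return hits


def affected_hosts(hits: Iterable[Tuple[str, str, str]]) -> List[str]:
    """Distinct client IPs that resolved a seized domain, sorted for triage."""
    return sorted({client for client, _qname, _apex in hits})


if __name__ == "__main__":
    found = find_c2_lookups(SAMPLE_DNS_LOG, SEIZED_DOMAINS_DEFANGED)
    for client, qname, apex in found:
        print(f"{client} looked up {qname} (seized apex: {apex})")
    print("hosts to triage:", affected_hosts(found))
```

Because the seized domains now resolve to law-enforcement infrastructure, a hit in historical logs is the useful signal: it identifies hosts that reached the C2 before the takedown and may still carry the Cobalt Strike beacon, which is where incident response should start.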

Acting U.S. Attorney Raj Parekh for the Eastern District of Virginia shared his thoughts on the recent incident:

"Cyber intrusions and spear-phishing email attacks can cause widespread damage throughout affected computer networks, and can result in significant harm to individual victims, government agencies, NGOs, and private businesses.

As demonstrated by the court-authorized seizure of these malicious domains, we are committed to using all available tools to protect the public and our government from these worldwide hacking threats."

For more information on the situation, read the statement from the DOJ.
