Cybercriminals attacked employees of U.S. federal civilian agencies as part of a "widespread cyber campaign" in 2022, revealed a cybersecurity advisory.
What Happened: The Cybersecurity and Infrastructure Security Agency, National Security Agency and Multi-State Information Sharing and Analysis Center have released a joint advisory.
According to the advisory, the officials identified a cyber campaign that uses legitimate Remote Monitoring and Management or RMM software — ScreenConnect, now known as ConnectWise Control and AnyDesk — to trap victims in a refund scam.
While the officials discovered the activity in October last year, cybercriminals have been sending phishing emails to federal employees’ personal and government addresses since June 2022.
The scam’s purpose appears to be to trick victims into “initiating a refund.”
The threat actors first send help desk-themed phishing emails and entice the victims to log into their bank accounts while remaining connected to their devices via RMM software. Then, they modify the recipient’s bank account summary to trick the victims into refunding the “excess amount to the scam operator.”
It is unclear what exactly happened in the case of U.S. government employees who got trapped in this scam.
Why It’s Important: While the advisory stated that the cyber campaign appears financially motivated, it also mentioned that this could lead to “additional types of malicious activity.”
For instance, hackers could sell the stolen data to other cybercriminals.
Last week, a report by a blockchain analytics company stated that while ransomware victims have started refusing to pay their attackers, the number of active strains has increased significantly.
Read Next: Why Setting a Recession-Proof Cybersecurity Budget Requires a Cybersecurity Framework
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Comments
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.