Phishing attacks targeting government agencies linked to Hacking Team breach

Recent FBI memo says phishing attacks targeted patched Adobe vulnerabilities linked to Hacking Team


In an alert issued on Friday, the FBI warned of an active phishing campaign targeting various government agencies in the U.S.

The alert says phishing emails sent in July, and earlier ones from June, targeted an Adobe Flash vulnerability discovered in the Hacking Team files.

The FBI memo says the vulnerability being leveraged in the phishing attacks is CVE-2015-5119, otherwise known as the vulnerability in Adobe Flash that was discovered by Hacking Team and made public after the company was breached earlier this month.

From the memo:

"The FBI has received information regarding a likely ongoing phishing campaign that started 08 July 2015 and was observed targeting US government agencies. This campaign is similar to a June campaign launched by similar malicious actors. In both campaigns, the e-mails contain a link that exploits Adobe Flash vulnerability CVE-2015-5119."

Hacking Team is an Italian company that sells intrusion and surveillance tools to governments and law enforcement agencies.

However, their business has earned them a black mark from privacy and human rights organizations, as the company has been accused of selling tools and services to nations known for violent oppression.

Earlier this month, someone published a 400GB cache of files taken from the company, which included emails, source code, and sales contracts. Among those files were exploits for zero-day vulnerabilities in Adobe Flash and Microsoft's Internet Explorer.

Last week, researchers discovered the first Flash exploit in the leaked documents, and it was immediately incorporated into the Neutrino and Angler exploit kits. Within 24 hours of notification, Adobe patched the flaw being targeted, but later in the week, two additional exploits were discovered. Adobe has since patched all three.

In related news, Microsoft has patched the Internet Explorer vulnerability discovered by researchers within the leaked Hacking Team emails.

The following phishing emails were sent on July 8 from 125.227.139.53 (Taiwan - hinet.net):

  • SUBJECT: BBW Analysis report- 2015
  • SUBJECT: Tomorrow Morning New Starts
  • SUBJECT: Perrydale Club for Leadership: Financial Literacy 101
  • SUBJECT: FAS Analysis report-2015
  • FROM: Alan Mertner <allan.mertner@perrydale.com>

"In June, similar malicious actors launched another phishing campaign targeting US Government Agencies and private sector companies involved in Information Technology/Telecommunications, Aerospace, Construction, Engineering and Transportation," the memo states.

June 8, 9, 11

  • SUBJECT: AEP Energy Program Update: 2015 Program Year Kick Off
  • SUBJECT: Review Link
  • SUBJECT: PLS Account A42660861
  • FROM: Adam L Hannah <Adam.hannah@cacti.twixel.be>
  • FROM: Carrie Spencer <Carrie.Spencer@lumbix.com>
  • LINK: hxxp://ml.r-u.org.ua/message/

Moreover, the FBI says that traffic associated with the following IP addresses and domains should be analyzed for malware activity.

  • bwxt.com
  • dublincore.org
  • 125.227.139.53
  • 107.20.255.57
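
One way to act on the indicators listed above, as an added example that is not from the FBI memo or the original article: a Python check that parses a stored email and reports which of the listed subjects, senders, IP addresses and hosts it contains. The function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Indicators copied from the FBI memo as quoted in this article (lower-cased).
SUBJECTS = {"bbw analysis report- 2015", "tomorrow morning new starts",
            "perrydale club for leadership: financial literacy 101",
            "fas analysis report-2015", "review link", "pls account a42660861",
            "aep energy program update: 2015 program year kick off"}
SENDERS = {"allan.mertner@perrydale.com", "adam.hannah@cacti.twixel.be",
           "carrie.spencer@lumbix.com"}
IPS = {"125.227.139.53", "107.20.255.57"}
HOSTS = {"ml.r-u.org.ua", "bwxt.com", "dublincore.org"}
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def norm(value):  # lower-case and collapse whitespace so folded headers match
    return " ".join((value or "").lower().split())

def check_message(raw):
    """Return sorted (field, value) indicator hits for one RFC 5322 message."""
    msg = message_from_string(raw)
    hits = set()
    if norm(msg["Subject"]) in SUBJECTS:
        hits.add(("subject", norm(msg["Subject"])))
    addr = parseaddr(msg.get("From", ""))[1].lower()
    if addr in SENDERS:
        hits.add(("from", addr))
    received = " ".join(msg.get_all("Received", []))
    hits |= {("received-ip", ip) for ip in IP_RE.findall(received) if ip in IPS}
    # Decode base64 / quoted-printable text parts, then undo defanging.
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    body = body.lower().replace("hxxp", "http").replace("[.]", ".")
    for host in re.findall(r"https?://([^/\s:\"'<>]+)", body):
        if any(host == h or host.endswith("." + h) for h in HOSTS):
            hits.add(("url-host", host))
    return sorted(hits)

# Constructed sample, not a captured email; mixes July and June indicators.
SAMPLE = (
    "Received: from mail.example.net (unknown [125.227.139.53])\n"
    "\tby mx.agency.example; Wed, 08 Jul 2015 09:12:44 -0400\n"
    "From: Alan Mertner <allan.mertner@perrydale.com>\n"
    "Subject: FAS Analysis\n report-2015\n"
    "\nPlease review: hxxp://ml.r-u.org.ua/message/\n"
)

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

A subject-only hit such as "Review Link" is weak evidence on its own; weigh it together with sender, relay IP or URL hits.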

Additional details are in the July 16 alert A-000062-PH.