Authorities order shutdown of two web domains used for mass phishing campaigns

The U.S. Department of Justice (DOJ) announced the seizure of two C&C domains used by threat actors to deploy complex spear phishing campaigns mimicking legitimate communications from the U.S. Agency for International Development (USAID). Microsoft even released a security alert related to the operators of these campaigns, noting that this attack was based on mass emailing.

With the seizure of these domains, law enforcement agencies hope to definitively interrupt the deployment of this malicious campaign, in addition to identifying the compromised users. However, malicious hackers could have deployed a powerful backdoor during these attacks which no doubt about it, increases the risks for the affected users.

In late May, threat actors began a malicious campaign by abusing a USAID account, exposed due to a security incident at an outside company. The compromised email account was used to send spear-phishing emails, purporting to be from USAID email accounts and containing a “special alert,” to thousands of accounts in more than a hundred entities.

When a recipient clicks on the hyperlink of a phishing email, the victim’s computer was directed to download malware from a subdomain of theyardservice(.)com. Using that initial support point, the actors then downloaded the Cobalt Strike tool to maintain a persistent presence and possibly deploy additional tools or malware on the victim’s network.

Threat actors’ instance of the Cobalt Strike tool received C2 communications through other subdomains of theyardservice(.)com, as well as the worldhomeoutlet(.)com domain. It was these two domains that the DOJ confiscated pursuant to the court’s seizure order.

John C. Demers, assistant justice secretary at DOJ, says, “These actions are a clear demonstration of our government’s commitment to disrupting any cybercriminal effort; we will continue to evaluate any hacking campaigns potentially related to these domains used for phishing.” The secretary adds that justice and investigation agencies will continue to collaborate to address any similar issues, using the most sophisticated tools at their disposal in the fight against cybercrime.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.