The Department of Justice has seized two command-and-control (C2) and malware distribution domains used in recent spear-phishing activity that mimicked email from the U.S. Agency for International Development. The action was intended to disrupt any additional exploitation of victims and to help identify anyone compromised by the attack. However, DOJ indicated the hackers could have deployed additional accesses to victims’ before their domains were seized.
The attack commenced on or about May 25, when hackers launched a wide-scale spear-phishing campaign via a compromised USAID account at a mass market email marketing company. Specifically, the compromised account was used to send thousands of emails, purporting to be from USAID email accounts and containing a “special alert,” while lured users to a malicious site where malware was downloaded onto the victims’ computers.
Sources:
- Department of Justice: Justice Department Announces Court-Authorized Seizure of Domain Names Used in Furtherance of Spear-Phishing Campaign Posing as U.S. Agency for International Development
- NextGov: Justice Took Down Two Domains Used in USAID Hack
- Gov Info Security: DOJ Seizes 2 Domains Linked to USAID Phishing Campaign