The spear-phishing attempt appears to be part of "Pawn Storm," a massive attack that's been underway across the net for more than a month, and involved a rare zero-day (previously unknown) Java exploit.
The attackers, APT28, a group with longstanding suspected Russian government ties, used URLs at the domain "electronicfrontierfoundation.org" in their phishing emails (the Electronic Frontier Foundation can be found at eff.org). Pawn Storm has many targets, including the White House and NATO.
Oracle has patched the Java zero-day. Pawn Storm continues. To get good, practical advice on protecting yourself from this sort of cyber-attack, read EFF's Surveillance Self-Defense Kit.
Because this attack used the same path names, Java payloads, and Java exploit that have been used in other attacks associated with Pawn Storm, we can conclude that this attack is almost certainly being carried out by the same group responsible for the rest of the Pawn Storm attacks. Other security researchers have linked the Pawn Storm campaign with the original Sednit and Sofacy targeted malware campaigns–also known as “APT 28”–citing the fact that they use the same custom malware and have similar targets. In a 2014 paper the security company FireEye linked the “APT 28” group behind Sednit/Sofacy with the Russian Government (PDF) based on technical evidence, technical sophistication, and targets chosen. Drawing from these conclusions, it seems likely that the organization behind the fake-EFF phishing attack also has ties to the Russian government. Past attacks have targeted Russian dissidents and journalists, U.S. Defense Contractors, NATO forces, and White House staff. We do not know who the targets were for this particular attack, but it does not appear that it was EFF staff.
New Spear Phishing Campaign Pretends to be EFF [Cooper Quintin/EFF]
(Icon: Pawn logo, The Pawn Language Logo)
We’ve covered Theodore Gray on Boing Boing a lot, and for good reason — he’s amazing. His Mad Science book was filled with spectacularly fun science experiments, he built a Periodic Table table with little compartments to hold samples of elements, and now he has a new coffee table photo book called The Elements: A […]
An appropriate book for this time, Soviet-era dystopian fiction grandmasters Boris and Arkady Strugatski considered Snail On The Slope “the most perfect and the most valuable of their works.” Snail on The Slope is comprised of two separate storylines, taking place in and on the edge of The Forest. Together they paint a vivid picture […]
(I originally reviewed this in 2008, but thought it was worth reposting, for obvious reasons. — MF) In World Made By Hand (2008) by James Howard Kunstler, the population of the United States (and most likely, the world) has been decimated by an energy shortage, starvation, plagues, terrorism, and global warming. The story takes place […]
Even if you don’t miss much else about the office right now, there’s a good chance your home laptop is making you nostalgic for the added efficiency of that pair of monitors on your desk at work to spread out your workflow. There’s no telling how long the new normal may continue to be the […]
If you’re looking to become a software engineer or it’s an idea you’ve tossed around half-seriously, there may be no better time than now to take the leap. It’s one of the fastest-growing, most in-demand roles already. And in the midst of the pandemic, between the extra hours you likely have in your day, and […]
Whether you’re looking to create perfect portraits or amazing artwork, if your medium is digital, you know you absolutely must have Photoshop to do your best making. So if you’ve been putting off really mastering the various techniques, tools, and styles it offers for your craft, now is a great time to make it happen. […]