Phishing attacks often target non-IT employees because they are believed to be easier to fool. Nevertheless, IT specialists can also become victims of cyber criminals. Lazarus Group has recently attacked a cryptocurrency organization, targeting the company’s system administrator. The attackers crafted a fake job post on LinkedIn to attract his attention and used a malicious attachment as bait. The malicious file prompted the sysadmin to open it for details of an exciting new job. The document was allegedly protected under the GDPR, so the sysadmin had to enable macros to open it.
Most phishing attacks target a generic audience. Phishing emails for such mailing campaigns are neither personalized nor accurate. The attackers rely on the victim reacting fast without thinking twice: for example, immediately changing a password out of fear that someone has stolen his or her data, or opening an attached document without double-checking the email sender.
There is another approach, in which the victim is pre-selected and the phishing communication is built carefully. It requires a greater resource investment, but also guarantees a greater reward. This is exactly what happened to the cryptocurrency company attacked in this story.