Hackers Steal Over 40k Logins for Gov Services in 30 Countries
“More than 40,000 users, victims of phishing attacks, had their credentials for unlocking online accounts for government services stolen… the login data offered access to services in 30 countries around the world. Most of the victims are in Europe. More than half of the victims are from Italy (52%), followed by Saudi Arabia (22%) and Portugal (5%). Users of government portals in other countries were also affected. Among the victims are government employees, military and civilian citizens with accounts on official websites of France (gouv.fr), Hungary (gov.hu), Croatia (gov.hr), Poland (gov.pl), Romania (gov.ro), Switzerland (admin.ch), and the Government of Bulgaria (government.bg). Credentials for logging into services from the Israel Defense Forces (idf.il), the Ministry of Finance of Georgia (mof.ge), the Norwegian Directorate of Immigration (udi.no), the Ministries of Foreign Affairs of Romania and Italy. The websites of the Italian Ministry of Defense (difesa.it) were also compromised.
The Computer Emergency Response Teams (CERTs) of the affected countries have been notified of the threat so they can take action to minimize the risks.
Victims fell for phishing trick
According to Group-IB, the hackers were able to grab the username/password pairs via malicious emails that distributed well-known spyware tools like Pony Formgrabber, AZORult, and Qbot (Qakbot). The phishing operation targeted both personal and corporate email accounts and disguised the malware as a legitimate file or archive. When the victim opened the attachment, the malware would deploy and start looking for sensitive information on the system.”