Security researchers at CloudSEK have discovered a phishing campaign in which threat actors impersonated the Ministry of Human Resources. According to recent reports, the operation may be larger than was believed when it was first discovered in July 2022. CloudSEK recently published an updated advisory stating that it identified a group of phishing domains utilizing other types of lures and targeting the travel and tourism, oil and gas, real estate, and investment industries. The domains follow naming schemes similar to those identified in July.
Additionally, CloudSEK stated that the group was leveraging fake job offers and investment opportunities to trick victims. Some of the domains had an email server enabled; many of the domains, however, hosted fake websites in an attempt to convince victims that they were legitimate. Some of the scam domains redirected to legitimate domains in order to add legitimacy to the phishing emails, security researchers state.