Moonlight Targets Politicians, Activists and Staff at NGOs

Following in the tradition of the Ruskies with the DNC, DNCC and Clinton campaign hacks, hackers in the Middle East are using a phishing technique dubbed Moonlight to catch unsuspecting users with phishing emails.  What is interesting is that the tech involved is “off-the-shelf”.  What they have spent time working on is the phishing emails and web sites – to make them look real.

Lunar eclipse on December 20th 2010, photographed in Palmer, Alaska over a two hour period.  Courtesy US National Guard

Lest you think this doesn’t apply to you since you are not in the Mideast, consider this.  If hackers in the Mideast are doing this, what makes you think that hackers in the United States are NOT doing this?

Researchers have captured over two hundred different samples of malware over the last two years and that is probably just a small fraction of the malware deployed by these folks.

Interestingly, the attackers are sending the phishing emails to people’s personal email accounts instead of their corporate accounts, figuring that those accounts are less protected and people will be more likely to click on a link in a personal email.

These particular phishing emails are themed around Syria or Palestine or other Mideast news – designed to increase the likely click-through rate.

The hackers, according to Vectra Networks, “lovingly” crafted these emails and the fake website behind them.

But not so much on the malware.  It is pretty vanilla and off the shelf.  Apparently, they are getting enough clicks without having to do anything fancy.

The result of these attacks is that users’ home networks and computers become infected – and probably in many cases, corporate computers used in a home setting.

But this is the important point.

If they are doing that there, do you think that other hackers are not doing that here?

Of course they are.

Hackers are lazy.  If they hear about a technique that is working in some part of the globe, they will attempt to reproduce it elsewhere.  Like in the United States.

While I would like to wave my magic wand and tell you that you do not have to be vigilant, if I did, I would be lying.

My magic wand is on back order with no estimated ship date.  Damn it, Amazon.

So PLEASE be vigilant.  Whether at home or at work or on your mobile device.  You ARE the front line of defense.  If you see a piece of click bait check it out carefully first.  If you can’t figure out whether it is real or not, ask your corporate IT or security team to check it out for you.  Then ask them HOW they came to that conclusion so that you will be more knowledgeable next time.

Just my two cents.


Information for this post came from ZDNET.
