US-CERT said Saturday that it detected three phishing attacks in the form of email-attached website links, compromised corporate websites and a compressed file that contained a malicious executable content.
The attackers worked to spread the campaigns by infecting systems to gain entry into organizational networks and steal critical non-public information, according to US-CERT.
The team recommends organizations implement email server and security gateway filters, web proxy and firewall and DNS server blocks in order to address the threat.
US-CERT also calls on agencies to scan email server logs for applicable sender, subject and attachments; check web proxy, DNS, firewall and IDS logs for malicious activity; and assess anti-virus logs for malware alerts.
For infected systems, US-CERT recommends users capture live memory and forensic images of systems for analysis.