On Friday, the Department of Justice (DOJ) seized two domain names used in a spearphishing campaign, acting under court orders issued in the Eastern District of Virginia as part of efforts to disrupt the threat actors’ malicious cyber activity.
“Law enforcement remains an integral part of the U.S. government’s broader disruption efforts against malicious cyber-enabled activities, even prior to arrest, and we will continue to evaluate all possible opportunities to use our unique authorities to act against such threats,” John Demers, assistant attorney general for DOJ’s national security division, said in a statement published Tuesday.
The spearphishing campaign was the subject of a joint cybersecurity advisory that the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued on Friday. CISA and the bureau warned that the campaign was aimed at government agencies as well as non-governmental and intergovernmental organizations.
According to the advisory, the hackers used a compromised user account from email marketing software company Constant Contact to send phishing emails that purported to come from the U.S. Agency for International Development to over 7,000 accounts across about 350 agencies, NGOs and IGOs.
DOJ said that after a recipient clicked on the hyperlink in the spearphishing email, the cyberthreat actors secured persistent access by downloading the malicious Cobalt Strike software tool, and that they used the seized domains to control the tool implanted on victims’ networks.
The National Security Division’s counterintelligence and export control section and the U.S. Attorney’s Office for the Eastern District of Virginia are working with the FBI’s Washington field office and cyber division to further investigate the campaign.