Organizations based in the EU are being targeted by spear phishing campaigns leveraging EU political and diplomatic events, according to the bloc’s Computer Emergency Response Team (CERT-EU).
In its Threat Landscape Report 2023, published on February 15, 2024, CERT-EU found that lures exploiting the EU agenda have been rife in 2023.
“In recent years, 2023 was the first time that we observed so many attacks in a short period of time (a few months) being directly linked to the EU political consultation and decision-making structure,” CERT-EU researchers wrote.
Threat actors sent spear phishing emails containing malicious attachments, links, or decoy PDF files that were originally internal or publicly available documents related to EU affairs and policies.
China-backed threat actor Mustang Panda has been using this tactic since at least 2022.
These lures included mentions of the following EU bodies, programs and events:
- Swedish Presidency of the Council of the European Union
- EU - Community of Latin American and Caribbean States (CELAC) Summit
- Working Party of Foreign Relations Counsellors (RELEX)
- EU LegisWrite (a European Commission editing program)
The threat actors “did not necessarily target the mentioned organizations,” but directed their malicious campaigns towards individuals and organizations involved in EU policies and events and might be tempted to click on the malicious link or document.
“To make the spear phishing message even more credible, the attackers often impersonated staff members of Union entities or the public administration of EU countries,” the report added.
Private Sector’s Primary Targets: Diplomacy, Defense and Transport
Spear phishing continued to be the initial access technique most used by threat actors targeting EU-based organizations in 2023.
Outside public administration entities, the industries most targeted by spear phishing campaigns in 2023 were the diplomacy, defense and transport sectors.
No tags.
