New nation-state campaigns target government, banking and healthcare
Researchers at secure browser company Menlo Security have uncovered three new nation-state campaigns employing highly evasive and adaptive threat (HEAT) attack techniques.
In a 90-day period, the campaigns -- LegalQloud, Eqooqp, and Boomer -- compromised at least 40,000 high-value users, including C-suite executives from major banking institutions, financial powerhouses, insurance giants, legal firms, government agencies, and healthcare providers.
"This year, state-sponsored cyberattacks such as these have impacted at least one-third of American citizens," says Andrew Harding, vice president of security strategy at Menlo Security. "State-sponsored cyberattacks are a looming cloud over security leaders, and our research shows that they have been growing in both sophistication and scale. One thing is clear: attackers are moving fast and refreshing their tactics to target the browser, and traditional security controls such as SSE or SWG are letting these attacks slip through the cracks."
LegalQloud, hosted on Tencent Cloud (Tencent being the largest Internet company in China), impersonates legal firms to steal Microsoft credentials, targeting governments and investment banks in North America. In a 90-day period, Menlo Labs found 500 enterprises targeted by this campaign, which bypasses URL categorization and block lists.
Eqooqp can defeat multifactor authentication and targets a range of government and private sector organizations, including logistics, finance, petroleum, manufacturing, higher education, and research. Nearly 50,000 attacks associated with this campaign have been detected and stopped by Menlo in recent months.
Boomer is an intricate phishing campaign targeting sectors such as government and healthcare. In Boomer attacks, the threat actor employs advanced evasive techniques, including dynamic phishing sites, custom HTTP headers, tracking cookies, bot-detection countermeasures, encrypted code, and server-side generated phishing pages.
The report also highlights that 60 percent of malicious links clicked by users are attributed to phishing or fraud, and that 25 percent of phishing links clicked by users go undetected by legacy URL filtering. Microsoft is found to be the most impersonated brand across industries.
The full report is available from the Menlo site.
Image credit: denisismagilov/depositphotos.com