Threat Actors Exploit Government Website Vulnerabilities for Phishing Campaigns
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Threat actors are exploiting vulnerabilities in government websites, particularly .gov domains, to conduct phishing campaigns. The abuse primarily involves using open redirects to bypass secure email gateways and lead victims to credential phishing pages. A significant portion of these exploits may be related to CVE-2024-25608, affecting the Liferay digital platform. US government domains, while less frequently abused, are primarily used for open redirects in Microsoft-themed phishing attempts. Brazilian government domains are the most frequently abused, followed by other countries. Some compromised government email addresses have also been used as command and control servers for malware like Agent Tesla Keylogger and StormKitty.
OPENCTI LABELS:
phishing, credential theft, stormkitty, email security, agent tesla keylogger, cve-2024-25608, open redirects, .gov domains, liferay, government websites