What's in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A Russia state-sponsored cyber threat actor impersonated the U.S. Department of State to target prominent academics and critics of Russia. The attackers used extensive rapport building and tailored lures to convince targets to set up application specific passwords (ASPs). Once obtained, these ASPs allowed persistent access to victims' mailboxes. Two distinct campaigns were observed, both using residential proxies and VPS servers for access. The attackers sent phishing emails disguised as meeting invitations, including spoofed Department of State email addresses to increase legitimacy. Victims were directed to create ASPs with specific names, which the attackers then used to access their email accounts. This activity is tracked as UNC6293 and is assessed with low confidence to be associated with APT29 / ICECAP.
OPENCTI LABELS :
phishing,state-sponsored,asp,email compromise,department of state
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
What's in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia