AidInfoSec Report an attack

Attack Database /

Attack detail

Attack Date Location
January 2019 Unknown
Target organisation Attack category
Undisclosed NGOs. Other victims include UNICEF, UN World Food Program, UN Development Program, International Federation of the Red Cross and Red Crescent Societies Passive attack
Type
Keystroke logging

Additional notes on attack

“The campaign is using landing pages signed by SSL certificates, to create legitimate-looking Microsoft Office 365 login pages,” "It quickly detects mobile devices and logs keystrokes directly as they are entered in the password field. Simultaneously, the JavaScript code logic on the phishing pages delivers device-specific content based on the device the victim uses."

Harm Notes
Unknown Nature of attack typically leads to data theft and possible unauthorised access to other organisation staff accounts, but no specific harms have been declared.
Actor type
Unknown
Attacker agenda
Other: "At the time, it is not clear the motivation behind the spear-phishing campaign, both nation-state hackers and cybercriminals have targeted NGOs in the past for intelligence gathering or to conduct scams."