November 1, 2024 at 12:57AM
Cybersecurity researchers have revealed the Xiū gǒu phishing kit, used in campaigns targeting multiple countries since September 2024. Over 2,000 phishing sites have been identified, exploiting RCS messages for scams. Google is enhancing protections against such attacks, while Cisco Talos reports ongoing phishing efforts targeting businesses, including OpenAI impersonation scams.
### Meeting Takeaways:
1. **New Phishing Kit Discovery**:
– A new phishing kit named **Xiū gǒu** has been identified, actively used in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since September 2024.
– Over **2,000 phishing sites** linked to this kit have been documented.
2. **Threat Characteristics**:
– The kit is utilized for a variety of sectors, including public services, postal services, digital services, and banking.
– It employs **Cloudflare’s anti-bot and hosting obfuscation** features to evade detection by cybersecurity measures.
3. **Risk and Accessibility**:
– Xiū gǒu lowers the entry barrier for less experienced hackers, potentially increasing malicious activities and the theft of sensitive data.
4. **Technical Details**:
– Developed by a Chinese-speaking threat actor, it includes an **admin panel** and utilizes technologies like Golang and Vue.js.
– The kit can extract credentials and information via **Telegram** from fake pages hosted on the **“.top”** domain.
5. **Propagation Method**:
– Phishing attempts use **Rich Communications Services (RCS)** messages, which advise recipients about fictitious parking fines or undelivered packages.
– The messages direct victims to click on shortened links to process payments or update information.
6. **New Protective Measures by Google**:
– Google is enhancing scam detection through **on-device machine learning** to filter fraudulent messages related to deliveries and job offers.
– New protections being piloted in specific countries (India, Thailand, Malaysia, Singapore) include security warnings for messages from unknown senders and automatic filtering of international sender messages to spam.
7. **Cisco Talos Report**:
– An ongoing phishing campaign targets **Facebook business users** in Taiwan, deploying stealer malware disguised as legal communication through deceptive emails.
8. **Impersonation Scams**:
– Campaigns impersonating OpenAI have been reported, misleading businesses into updating payment information through links that appear legitimate but are obfuscated.
9. **General Observations**:
– Phishing campaigns are becoming increasingly sophisticated, utilizing methods to pass security checks while retaining the potential for significant impact on victims.
### Action Items:
– Monitor developments regarding the Xiū gǒu phishing kit and related phishing campaigns.
– Stay informed on the implementation of new protective measures by Google and other tech companies.
– Raise awareness within the organization about the various phishing tactics being employed to ensure better preparedness and response.