Fake Assassination News Used in Phishing Attack Impersonating The New York Times
- Actor Motivations: Disinformation,Exfiltration
- Attack Vectors: Phishing
- Attack Complexity: Low
- Threat Risk: Low Impact/High Probability
Threat Overview
A phishing campaign is exploiting sensational fake news about an assassination attempt on US President-elect Donald Trump by an Iranian sniper. The campaign poses as The New York Times using the email address newyork-times@nycmail[.]com. Victims who click on the embedded link are redirected to an ESET-imitation phishing site, where they are prompted to enter corporate domain credentials. This campaign is an example of attackers using major global events, such as political elections, to amplify their efforts. The use of urgency and sensational headlines highlights the need for vigilance in verifying information.
Detected Targets
| Type | Description | Confidence |
|---|---|---|
| Region | United States | High |
Extracted IOCs
- cu1td[.]com
- hxxps://cu1td[.]com/zm/result.php
Tip: 2 related IOCs (0 IP, 1 domain, 1 URL, 0 email, 0 file hash) to this threat have been found.