A significant BEC fraud that targets Middle Eastern-based businesses and people has been discovered.
The effort has grown to include a new group of phishing domains that were created using the same name patterns as a prior campaign that was detected in July.
The collection of phishing websites uses several forms of baits, including phoney employment offers, investment possibilities, vendor registration, and contract bidding, to target contractors in the UAE.
Ninety percent of the 35 phishing domains examined target the Emirates National Oil Company, Sharjah National Oil Corporation, and Abu Dhabi National Oil Company (ADNOC) (ENOC).
In order to deceive users, some domains have simply an email server (often provided by Zoho) active, some have duplicated the content of reputable companies, and some domains reroute to reputable domains.
Threat actors behind this campaign are deliberately purchasing and registering domains with keywords that are similar to those of domains belonging to real businesses.
The campaign also makes use of pre-stored static web pages with comparable templates to make it resistant to takedowns.
If a domain is banned, these templates are uploaded to another domain.
Source: https://cyware.com/news/advanced-phishing-campaign-targets-the-uae-organizations-fea9a469
TPRM report: https://scoringcyber.rankiteo.com/company/usuaebusiness
"id": "usu221031222",
"linkid": "usuaebusiness",
"type": "Cyber Attack",
"date": "12/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"{'affected_entities': [{'industry': 'Oil and Gas',
'location': 'UAE',
'name': 'Emirates National Oil Company',
'type': 'Corporation'},
{'industry': 'Oil and Gas',
'location': 'UAE',
'name': 'Sharjah National Oil Corporation',
'type': 'Corporation'},
{'industry': 'Oil and Gas',
'location': 'UAE',
'name': 'Abu Dhabi National Oil Company (ADNOC)',
'type': 'Corporation'}],
'attack_vector': ['Phishing', 'Domain Spoofing'],
'description': 'A significant BEC fraud targeting Middle Eastern-based '
'businesses and people has been discovered. The effort '
'includes a new group of phishing domains created using the '
'same name patterns as a prior campaign detected in July. The '
'phishing websites use various forms of baits, including phony '
'employment offers, investment possibilities, vendor '
'registration, and contract bidding, to target contractors in '
'the UAE. Ninety percent of the 35 phishing domains examined '
'target the Emirates National Oil Company, Sharjah National '
'Oil Corporation, and Abu Dhabi National Oil Company (ADNOC) '
'(ENOC). Some domains have only an email server active, some '
'have duplicated the content of reputable companies, and some '
'domains reroute to reputable domains. Threat actors behind '
'this campaign are deliberately purchasing and registering '
'domains with keywords similar to those of domains belonging '
'to real businesses. The campaign also makes use of pre-stored '
'static web pages with similar templates to make it resistant '
'to takedowns. If a domain is banned, these templates are '
'uploaded to another domain.',
'initial_access_broker': {'entry_point': 'Phishing Domains',
'high_value_targets': ['Emirates National Oil '
'Company',
'Sharjah National Oil '
'Corporation',
'Abu Dhabi National Oil '
'Company (ADNOC)']},
'motivation': 'Financial Gain',
'title': 'BEC Fraud Targeting Middle Eastern Businesses',
'type': 'BEC Fraud'}