Phishing — January 2019 attacks

January 25, 2019 · frtg · 1 min read

We have detected a wave of cyberattacks targeting multiple Italian organizations in recent days.

Threat actors employ malicious attachments to redirect users to sites hosting malware or phishing pages, representing the initial phase of more severe system compromise within targeted enterprises.

The email body contains minimal information, with a PDF file attached.

The PDF contains a link to a malicious site that induces users to download malware or submit credentials. This attack chain aligns with T1566.001 (Phishing: Spearphishing Attachment) and T1598.003 (Phishing for Information: Spearphishing Link), tactics commonly observed in initial access operations. Organizations implementing Cyber Threat Intelligence capabilities can identify such indicators of compromise and establish detection rules to prevent credential harvesting and malware deployment at the perimeter:

Email Threats
Italian Targeting
Lure Analysis
phishing
Phishing 2019

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie & Privacy