A credential harvesting campaign has been targeting multiple government procurement services in the United States and abroad, Anomali reveals.
Multiple public and private sector organizations use procurement services targeted in this campaign, which spoofed sites for multiple international government departments, email services, and two courier services.
The attackers sent phishing emails to trick intended victims into accessing spoof phishing sites that masqueraded as legitimate login pages relevant to government agencies.
Anomali published an extensive report (PDF) detailing the campaign, but refrains from making an attribution. However, the cybersecurity solutions provider says that the attack appears to be persistent, although dormant at the moment, and that the phishing site domains are hosted in Turkey and Romania.