A spear phishing campaign against the Israeli Prime Minister’s office has been tracked an analysed by DomainTools’ senior security researcher, Kyle Wilhoit. Highlights from his discovery include:
- Some of the indicators of compromise attribute this activity to a well known attack group called CopyKitten
- The phishing email was disguised as an ‘Annual Survey’ word document
- The document makes reference to The Ministry of Communications, therefore possibly targeting the Israeli government’s Ministry of Communications
The full blog is pasted below or can be found here: https://blog.domaintools.com/2017/03/hunt-case-study-hunting-campaign-indicators-on-privacy-protected-attack-infrastructure/