Infected emails seemingly bearing feedback on UK government draft G20 briefings — that actually steal data — are targeting government officials and economic development leaders ahead of this week’s global summit in Russia, researchers say. Spearphishing campaigns that coincide with the G20 are common, but this time researchers are questioning whether the documents might truly be genuine.
According to cybersecurity firm Symantec, a brief message in the body of the email thanks the recipient for circulating a series of “building block” documents on various global issues and new UK feedback on the documents.
“What is interesting about these documents is that each of them has track changes enabled and contains the reported comments from the UK called out in the original email,” Symantec researcher Satnam Narang writes in a blog post. “At this time, we cannot verify the authenticity of these documents, but from our observation, modifications were made to them earlier this month, which states that they were last modified by a user named ‘UK Government.”
The five files are labeled “UKcomments,” “UK-Building Block_DEVELOPMENT,” “UK-Building Block_EMPLOYMENT,” “UK-Building Block_ANTICORRUPTION” and “UK-Building Block_TRADE.