TOP SECRET//SI//ORCON/REL TO USA, FVEY/FISA
DIRNSA
and beacon out to malicious infrastructure. In October 2016, the actors also created a new e-mail address that was potentially used to offer election-related products and services, presumably to U.S.-based targets. Lastly, the actors sent test e-mails to two non-existent accounts ostensibly associated with absentee balloting, presumably with the purpose of creating those accounts to mimic legitimate services.
Campaign Against U.S. Company 1 and Voter Registration-Themed Phishing of U.S. Local Government Officials (S//SI//REL TO USA, FVEY/FISA)
Russian Cyber Threat Actors Target U.S. Company 1 (S//REL TO USA, FVEY/FISA)
(TS//SI//OC/REL TO USA, FVEY/FISA) Cyber threat actors executed a spear-phishing campaign from the email address noreplyautomaticservice@gmail.com on 24 August 2016 targeting victims that included employees of U.S. Company 1, according to information that became available in April 2017.[1] This campaign appeared to be designed to obtain the end-users’ e-mail credentials by enticing the victims to click on an embedded link within a spoofed Google Alert e-mail, which would redirect the user to the malicious domain .[2] The following potential victims were identified:
- U.S. e-mail address 1 associated with U.S. Company 1,
- U.S. e-mail address 2 associated with U.S. Company 1,
- U.S. e-mail address 3 associated with U.S. Company 1,
- U.S. e-mail address 4 associated with U.S. Company 1,
- U.S. e-mail address 5 associated with U.S. Company 1,
- U.S. e-mail address 6 associated with U.S. Company 1, and
- U.S. e-mail address 7 associated with U.S. Company 1.
(TS//SI//OC/REL TO USA, FVEY/FISA) Three of the malicious e-mails were rejected by the e-mail server with the response message that the victim’s addresses did not exist. The three rejected e-mail addresses were U.S. e-mail addresses 1 to 3 associated with U.S. Company 1.