Blog

Hackers are running a targeted phishing campaign around the ongoing T-20 World Cup

By |

Hackers have decided to latch on to the excitement generated by the ongoing T-20 World Cup in Australia. Over the last two weeks, Sectrio’s threat research team intercepted/came across 20 emails that were targeted at senior executives from the government, manufacturing, oil and gas, healthcare, and utility sectors. From the data available, we can infer that most emails and WhatsApp messages were targeted against businesses or government entities based in India while Australia, Singapore, and South Africa were ranked 2nd, 3rd, and 4th respectively in terms of the volume of communication reported by recipients.  

Most emails claimed to know which team would eventually lift the trophy this month and encouraged recipients to use that knowledge to place bets with a leading sports betting agency in England. Once a recipient replies to an email, they are further asked to share personal information (which could be used to hack their online accounts or validate information already harvested from other sources) on the pretext of giving more information.  

Some of the recipients also received a link that takes them to a website infected with crypto-mining malware.   

T 20 phishing - sectrio
Hackers are running a targeted phishing campaign around the ongoing T-20 World Cup - Sectrio
T 20 phishing wp - sectrio
Hackers are running a targeted phishing campaign around the ongoing T-20 World Cup - Sectrio

How are the hackers ramping up their targeted phishing campaigns?

While topical attacks based on trending sports and geo-political events are not new, this campaign run by hackers adds a new dimension to the problem of protecting businesses against involuntary insider activity that might lead to a compromise of data or credentials. Hackers are clearly ramping up their game in terms of identifying specific trends to use as well as specific targets within organizations to reach out to.  

While latching on to topics that are more likely to elicit a response, the scammers behind this campaign are also planning to harvest data for long-term targeting. In terms of targeting machines, the malware used was a new version of well-known crypto-mining malware called Nitrokod which has been around for a while now. First detected in 2019, this malware lured victims to download desktop versions of popular mobile apps. Once downloaded, the malware stays latent for a period of almost 45 days keeping a low signature by running multiple processes in the backend to hide its footprint. The actual infection is triggered much later. 

After a communication line is established with the hacker by the malware, information on the infected machine is passed on. By delaying the infection process, the malware avoids detection in sandbox environments.  

Sectrio’s threat research team is still evaluating the malware and we will be able to share more information on the new variant soon.  

Join us at the Sectrio OT security conference in Bucharest in November, sign up now

Sectrio - 18th edition subex user conference
Sectrio – 18th Edition Subex User Conference

We are giving away threat intelligence for free for the next 2 weeks. Find out how you can sign up and try out our threat intelligence feeds

Defence in depth without contextual threat intelligence is an unlit alley 1
Hackers are running a targeted phishing campaign around the ongoing T-20 World Cup - Sectrio

Find out what is lurking in your network. Go for a comprehensive 3-layer threat assessment now

Comprehensive asset discovery with vulnerability and threat assessment 1200 × 630px
Comprehensive Asset Discovery with Vulnerability and Threat Assessment See our solution in action through a free demo
Avatar of prayukth k v
Prayukth K V has been actively involved in productizing and promoting cross eco-system collaboration in the emerging tech and cybersecurity domains for over a decade. A marketer by profession and a published author, he has also proposed and promoted critical infrastructure protection strategies that rely on in-depth threat research and deflection strategies to deceive hackers and malware. Having been at the frontlines of cyber securing infrastructure, Prayukth has seen cyberattacks and defense tactics at close quarters.

Subscribe to Newsletter

Related Posts

Protect your IoT, OT and converged assets with Sectrio