ASEAN Phishing Expeditions
Mila Parkour, the indefatigable phish researcher from DC, points to some recent spear-phishing attacks which to me help confirm that Southeast Asia, and ASEAN in particular, has become something of a focus for the chaps in China.
They also highlight just how vulnerable diplomats in the region are because of poor security.
One is a phish apparently coming from the Indonesian foreign ministry, in particular one Ardian Budhi Nugroho, whom the email correctly describes as from the Directorate of ASEAN Political Security Cooperation. The subject matter is topical and credible:
Enclosed herewith letter from Director for ASEAN Political-Security Cooperation, informing the date of the next Direct Consultations between ASEAN and P5 Nuclear Weapon States, which will be held on 4 – 6 October 2011 in New York. A Tentative Programme of the Direct Consultations is also attached for your kind reference. Thank you for your attention and continued cooperation.
The only good thing about these phishes is that they reveal something of the attacker’s interests. These attacks are timed carefully a week or so ahead of key meetings–in this case an Oct 4-6 meeting in New York of ASEAN and P5 Nuclear Weapon states (one of those states, of course, is China). The email was sent on Sept 20.
The email address given, firstname.lastname@example.org, doesn’t appear to be genuine, but it could easily be. Look, for example, at the email addresses listed here. More than half are either ISP or webmail addresses.
Diplomats need to get wise to these kinds of attacks by using their domain’s email addresses and being more sophisticated about their communications (not sending attachments, for one thing, and telling me they don’t).
How does all this work? We don’t know who received this, but it’ll probably be a list of diplomats attending the talks–not hard to find, as we can see from the above list. It only needs one member of each delegation to open the infected attachment for their whole delegation to be in danger of China–or whoever is behind this attack–being able to monitor everything they do.