The individual in the screenshot above posted the topic “strange activity” and then summarized how they came across some interesting email being sent from an account that does not exist on their server, even though they have various security protocols in place.

Looking at the header information of the file, the X-Authenticated-Sender: header on the domains airesgiftscl and cb2medionlinecl reveals the same IP address of 45554933. The email seems to have originated from the IP address of 45554933. Digging around further, it appears that this IP address may have been compromised by an unknown attacker.

The following analysis provides further insight into how this occurred. According to the email headers, one target for this spearphishing campaign is a chemical company in the Czech Republic that produces industrial goods for small customers and large enterprises. While this seems to be a run-of-the-mill malicious email template, complete with spelling mistakes and grammar issues, the interesting angle taken by this attacker is that it purports to be from a biomedical company focused on life science research, with distributors worldwide. In particular, the biomedical company claims to work with diseases and cell functions, with the possible intent of using their name to garner favor and a quick reply from the targeted company so they can conduct more COVID research.
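The header correlation described above (the same origin IP showing up behind authenticated accounts on two different domains, with a From address that matches neither) can be checked across a mailbox automatically. The following is an added Python example, not code from the original post; the sample messages, domains and IPs in it are constructed for illustration.

```python
import email
import email.utils
import re
from collections import defaultdict

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample messages (not from the post): two lures sent through
# different authenticated accounts from the same origin IP, plus one ordinary
# message whose authenticated account matches its From domain.
SAMPLE_MESSAGES = [
    "Received: from mx.relay.invalid (mx.relay.invalid [198.51.100.5]) by mail.target.invalid\n"
    "Received: from [203.0.113.44] (unknown [203.0.113.44]) by mx.relay.invalid with ESMTPA\n"
    "X-Authenticated-Sender: contact@gifts-a.invalid\n"
    "From: Biomedical Research <research@biomed-b.invalid>\n\nbody\n",
    "Received: from [203.0.113.44] (unknown [203.0.113.44]) by mail.target.invalid with ESMTPA\n"
    "X-Authenticated-Sender: admin@medion-c.invalid\n"
    "From: Biomedical Research <research@biomed-b.invalid>\n\nbody\n",
    "Received: from client.corp.invalid ([192.0.2.7]) by mail.target.invalid with ESMTPA\n"
    "X-Authenticated-Sender: alice@corp.invalid\n"
    "From: Alice <alice@corp.invalid>\n\nbody\n",
]

def parse_headers(raw):
    msg = email.message_from_string(raw)
    # Each hop prepends a Received header, so the last one is the earliest hop.
    hops = [IP_RE.search(h) for h in reversed(msg.get_all("Received") or [])]
    origin_ip = next((m.group(1) for m in hops if m), None)
    auth_sender = (msg.get("X-Authenticated-Sender") or "").strip()
    from_addr = email.utils.parseaddr(msg.get("From") or "")[1]
    return {"origin_ip": origin_ip, "auth_sender": auth_sender, "from_addr": from_addr}

def domain(addr):
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def find_shared_origins(raws):
    # Group authenticated-sender domains by origin IP; flag From/auth domain mismatches.
    domains_by_ip = defaultdict(set)
    mismatched_from = []
    for raw in raws:
        h = parse_headers(raw)
        if h["origin_ip"] and h["auth_sender"]:
            domains_by_ip[h["origin_ip"]].add(domain(h["auth_sender"]))
        if h["auth_sender"] and domain(h["auth_sender"]) != domain(h["from_addr"]):
            mismatched_from.append(h["from_addr"])
    shared = {ip: sorted(d) for ip, d in domains_by_ip.items() if len(d) > 1}
    return shared, mismatched_from
```

An origin IP that authenticates as accounts on more than one hosted domain is the pattern the post describes and is worth checking against the server's authentication logs for credential compromise.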