Cybersecurity experts have identified new campaigns by cybercriminal group TA4903, which specializes in phishing and business email compromise (BEC, also known as CEO fraud).
The group is a group of financially motivated cyber criminals who have recently made a name for themselves through large-scale email campaigns. US organizations in particular find themselves in the crosshairs of attackers, and occasionally companies from other parts of the world too. Proofpoint’s key findings on TA4903:
- TA4903 has two main goals: credential phishing and BEC.
- The group regularly runs campaigns impersonating various U.S. government agencies to steal credentials from companies.
- TA4903 also impersonates various organizations from various industries, including construction, finance, healthcare, food and beverage, and others.
- The scope of your campaigns ranges from hundreds to tens of thousands of messages per campaign.
- The group was observed using the EvilProxy MFA bypass tool and has been exploiting QR codes to steal credentials since late 2023.
Proofpoint has traced TA4903's activity back to at least mid-2021, with evidence suggesting that their credential theft-related phishing activities and BEC attacks have been occurring since 2019. The group initially posed as the US Department of Labor in attacks in December 2021. She later misused the name of other ministries, including Housing and Urban Development, Transport and Commerce. Then in 2023, TA4903 began impersonating the US Department of Agriculture.
Increase in TA4903
From mid-2023 to 2024, Proofpoint saw an increase in TA4903 phishing and scam campaigns, with attackers beginning to impersonate various small and medium-sized businesses (SMEs) across various industries. In TA4903's most recent BEC campaigns, the group no longer poses as a government agency, but instead disguises itself as a supposed SME. These campaigns will be executed at a higher operational speed than previously observed campaigns.
More at Proofpoint.com
About Proofpoint Proofpoint, Inc. is a leading cybersecurity company. The focus for Proofpoint is the protection of employees. Because these mean the greatest capital for a company, but also the greatest risk. With an integrated suite of cloud-based cybersecurity solutions, Proofpoint helps organizations around the world stop targeted threats, protect their data, and educate enterprise IT users about the risks of cyberattacks.
Matching articles on the topic