Friday, January 20, 2017

Algerian Phishing Attempt

A Red Sky Alliance member is reporting a suspected phishing email to Wapack Labs. Subsequent analysis reveals the campaign was initiated by an Algerian threat actor associated with a known hacking team. This Algerian threat actor compromised a French auto dealership on 19 July 2016 and sent phishing emails to a social group in New England U.S.A from a compromised domain belonging to a pizza shop in South Carolina. This information is offered as a caution; presented for your situational awareness.
  • Algerian threat actor associated with known hacking team.
  • Previously targeted French organizations for religious/national reasons. Target set and motivations, for the attacks, may have evolved.
  • The hacking team's twitter went dormant on 17 Sep 2015 with the message “#Team_Closed Goodbye and Expect Us in 2016”. On 19 December 2016 the group created a new Facebook page and appears active again...READ MORE
Publication Date: 12 January 2017
Handling Requirements: Traffic light protocol (TLP) GREEN
Attribution/Threat Actors: Laakel En Person/Moujahidin Team
Actor Type: Adversary capabilities have been assessed as Tier II
Potential Targets: Worldwide phishing
Past Reporting: N/A

The full report may be viewed in the Red Sky Alliance as DOC-4608. 
Contact Wapack Labs for more information.