A Red Sky Alliance member is reporting a suspected phishing email to Wapack Labs. Subsequent analysis reveals the campaign was initiated by an Algerian threat actor associated with a known hacking team. This Algerian threat actor compromised a French auto dealership on 19 July 2016 and sent phishing emails to a social group in New England U.S.A from a compromised domain belonging to a pizza shop in South Carolina. This information is offered as a caution; presented for your situational awareness.
- Algerian threat actor associated with known hacking team.
- Previously targeted French organizations for religious/national reasons. Target set and motivations, for the attacks, may have evolved.
- The hacking team's twitter went dormant on 17 Sep 2015 with the message “#Team_Closed Goodbye and Expect Us in 2016”. On 19 December 2016 the group created a new Facebook page and appears active again...READ MORE
Handling Requirements: Traffic light protocol (TLP) GREEN
Attribution/Threat Actors: Laakel En Person/Moujahidin Team
Actor Type: Adversary capabilities have been assessed as Tier II
Potential Targets: Worldwide phishing
Past Reporting: N/A
The full report may be viewed in the Red Sky Alliance as DOC-4608.
Contact Wapack Labs for more information.