![]() Received: from cmgw2 (unknown )īy (Postfix) with ESMTP id B2763A0328 Received: from ( )īy (MSG3smtpd) with ESMTPS id 660B91998 Received: from ()īy localhost ( ) (amavisd-new, port 10024) Received: from localhost (unknown )īy (MSG3smtpd) with ESMTP id 70736199B In the figure we can see the header of the infected email sent: The email sent to Samsung's service centers contains the following Excel document:Īt this point we have checked if the e-mail sent to the Service Centers, had actually started from Samsung Italy. The data indicated in the email are real and correspond effectively to the person indicated in the message. ![]() email address of the IM & IT Service Manager.internal telephone number of the IM & IT Service Manager."SAMSUNG ELECTRONICS ITALIA SPA", Via Mike Bongiorno, 9 - 20124 Milano (MI) - Italy.The analysis of the text, makes us suppose that the message was written by an Italian mother tongue and no automatic translators were used, also terms of the sector were used as " non scontrinati" or " volumi in garanzia" that are directly connected to the recipients of the message.Īs you can see from the figure of the email, the logo and company data are shown in the bottom of the message: ![]() Centri assistenza non autorizzati che vi inoltrano i volumi in garanzia che non possono gestire.Dealer che spediscono prodotti non scontrinati con la propria ragione sociale.In the figure we can see the spear-phishing mail sent to the Samsung Service Centers:Īs you can see in the body of the message very specific terms are used, such as: the message is signed by the IT Service Manager of Samsung, a real person in Samsung Italy, where are indicated all his personal information as email and telephone numbers.the attached file is an Excel document: "QRS non autorizzati.xlsx".the body of the message is written in perfect Italian, contains elements and references to the Samsung company, the topics covered are known to the recipients of the message.the email seems to arrive from the official Samsung Italy house.The work to build the spear-phishing mail to perform the attack was perfect: Now we will analyze the spear-phishing campaign that has spread in Italy. It would seem that a similar attack was made at the end of March 2018 towards Samsung's Assistance Centers in Russia with the same modus operandi, as indicated by the Fortinet report: " Non-Russian Matryoshka: Russian Service Centers Under Attack". ![]() The attack seem targeting only the service centers of Samsung Italy and it isn't a massive malspam campaign. The attack campaign started on 2 April 2018 at 2.15 pm with the spread of an email with the subject: " Comunicazione 18-061: gestione centri non autorizzati". Campaign of spear-phishing targeting the service centers of Samsung ItalyĪt the beginning of the month of April 2018 a spear-phishing campaign spread to the italian service centers of Samsung. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |