Advanced Phishing Campaign Targets the UAE Organizations

The expanded campaign

• The cluster of phishing domains targets contractors in the UAE with vendor registration, contract bidding, fake job offers, investment opportunities, and other types of lures.
• Of the 35 phishing domains analyzed, 90% are targeting Abu Dhabi National Oil Company (ADNOC), Sharjah National Oil Corporation (SNOC), and Emirates National Oil Company (ENOC).
• Some domains have only an email server (mostly by Zoho) enabled, some have copied content from legitimate businesses to trick the users, and some domains redirect to legitimate domains to trick victims into trusting the phishing emails.

Campaign strategy

• The threat actors behind this campaign are strategically buying and registering domains with keywords similar to the legitimate organization domains.
• These are hosted in North America, with several affordable service providers and they take time to process takedown requests.
• The majority of these domains belong to Tucows Domains which is known for a slow response rate on requests for the suspension of such domains.

The last campaign from July

• The campaign targeted various government and corporate entities in the finance, travel, hospital, legal, oil and gas, and consultation industries in the Middle East.
• Researchers assessed that a single threat actor or a threat actor group owns all phishing domains and websites used in the large-scale phishing campaign.

Conclusion