New phishing campaign found targeting French banking, aviation, IT and other sectors

• The campaign is believed to have begun in October and has targeted the French banking, aviation, IT, chemical manufacturing, automotive and other sectors.
• Experts discovered that the cybercriminals’ use of the French language appears to be very convincing.

A new phishing campaign targeting various industrial sectors in France was recently discovered by security researchers. The campaign is believed to have begun in October and has targeted the French banking, aviation, IT, chemical manufacturing, automotive and other sectors.

Experts discovered that the cybercriminals’ use of the French language appears to be very convincing. This could indicate that the cybercriminals operating the campaign are likely from the region. The phishing emails sent out by the attackers contain either a PDF or an HTML file.

The cybercriminals also used JavaScript codes within the attachments. However, this technique did not seem to have much success for the attackers. In November, the hackers changed tactics, using Twitter to distribute their phishing URLs.

“The latest links used in the campaign are random .icu domains leading to 302 redirection chain. The delivery method remained as XHTML/HTML attachments or links in the emails. The campaign appears to be evolving fairly quickly and the attackers are active in generating new domains and new ways of redirection and obfuscation,” security researchers at F-Secure, who discovered the phishing attacks, wrote in a blog.

The campaign's goal appears to be infecting victims with adware and propagating malvertising URLs. It is still unclear as to how many victims were successfully infected. However, the propagation of such campaigns hints at how prevalent a threat phishing continues to pose, especially to private industries.