The Middle Eastern threat group known as APT-C-23 is targeting male soldiers in the Israel Defense Forces in an attempt to get their victims to download and install malware.
I’ve seen plenty of spear phishing attacks in my day. I’ve also seen lots of great social engineering. And attackers have been evolving their tactics, using longer and longer campaign efforts as they get more and more targeted in their attacks.
The latest campaign documented by security researchers at Cado Security highlights an espionage-focused attack in which social media platforms including Telegram, WhatsApp, Facebook and Instagram are used to make initial contact with soldiers. The attackers send voice recordings (made with voice-changing software) to convince the soldiers that they are talking with women.
Once engaged, victim soldiers are sent a video laden with malware to infect IDF systems and provide the threat actors with access.
While certainly not at the level of deepfake audio, this use of audio as a social engineering medium demonstrates that attackers see the need to establish credibility with more than just domains, email addresses, logos, and email content.
Users need to be hyper-vigilant around just about any kind of unsolicited communication – whether business or personal – as the starting point for keeping the organization secure. Through Security Awareness Training, users can be taught this basic principle and apply it to interaction with email and the web through recurring education and testing.