Narwhal Spider Threat Group Behind New Phishing Campaign Impersonating Reputable Law Firms

Using little more than a well-known business name and an invoice-themed PDF, the “NaurLegal” phishing campaign aims to install malware trojans.

This new campaign spotted by security analysts at BlueVoyant demonstrates how effective spear phishing can be — even when the phishing execution itself is relatively basic. According to the analysis, threat actors impersonate well-known law firms and send out PDF attachments with the filename "Invoice_[number]_from_[law firm name].pdf."

Simple enough, right?

The kicker is who they’re sending to. Narwhal Spider targeted specific industries and individuals who regularly interact with law firms, such that receiving an invoice from one would be relatively common.

This alignment is what makes a phishing campaign impactful: the message and the target fit together so well that the recipient doesn’t give a second thought before double-clicking the attachment.

It’s also the very reason that new-school security awareness training is necessary; employees need to be taught to keep their defenses up with every email, even the ones they are absolutely certain are legit… because they still may not be.

And according to BlueVoyant, it appears the intended payload is the IcedID info-stealing trojan, which I’ve written about before and which has been around since last year. That makes a campaign like this very dangerous; play the campaign forward and you realize that if the recipient is used to seeing invoices, they are likely in a role involved with making payments.

Take over that user account and gain access to an accounts payable system — or just do diligence on an upcoming payment and use a BEC attack to get the payment details changed — and it’s game over for the victim organization.
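The one concrete indicator in BlueVoyant’s write-up is the lure filename pattern, "Invoice_[number]_from_[law firm name].pdf". The following is an added example of how a mail-security or SOC team could turn that pattern into a triage rule; it is not code from the original post or from BlueVoyant. The attachment records, sender addresses and law-firm names below are constructed samples, and the "firm name should appear in the sender domain" check is an assumed heuristic for surfacing impersonation, not a claim about how IcedID delivery is identified.

```python
import re
from dataclasses import dataclass

# Lure filename pattern reported for the NaurLegal campaign:
# Invoice_<number>_from_<law firm name>.pdf (case-insensitive match).
INVOICE_PDF_RE = re.compile(
    r"^Invoice_(?P<number>\d+)_from_(?P<firm>[^/\\]+?)\.pdf$", re.IGNORECASE
)


@dataclass
class Attachment:
    """Minimal view of an inbound attachment as a mail gateway would log it."""
    sender: str        # From address on the message
    display_name: str  # From display name
    filename: str      # attachment filename as declared in the MIME part
    content_type: str  # declared MIME content type


def firm_slug(name: str) -> str:
    """Normalize a firm name or domain to lowercase alphanumerics for comparison."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def matches_lure_pattern(filename: str):
    """Return the parsed number/firm if the filename matches the lure pattern, else None."""
    m = INVOICE_PDF_RE.match(filename)
    return m.groupdict() if m else None


def sender_matches_firm(sender: str, firm: str) -> bool:
    """Assumed heuristic: the firm named in the filename should appear in the sender's domain."""
    domain = sender.rsplit("@", 1)[-1]
    return firm_slug(firm) in firm_slug(domain)


def triage(attachments):
    """Flag attachments whose filename matches the lure pattern and explain why."""
    findings = []
    for a in attachments:
        info = matches_lure_pattern(a.filename)
        if not info:
            continue
        reasons = ["filename matches Invoice_<n>_from_<firm>.pdf lure pattern"]
        if not sender_matches_firm(a.sender, info["firm"]):
            reasons.append("sender domain does not match the law firm named in the filename")
        if a.content_type.lower() != "application/pdf":
            reasons.append(f"declared content type {a.content_type} is not PDF")
        findings.append({
            "sender": a.sender,
            "filename": a.filename,
            "firm": info["firm"],
            "reasons": reasons,
            # more than the bare pattern match -> escalate
            "severity": "high" if len(reasons) > 1 else "review",
        })
    return findings


# Constructed sample records (not real senders, firms or observed lures).
SAMPLE = [
    Attachment("billing@examplelawgroup.example", "Example Law Group",
               "Invoice_48213_from_Example Law Group.pdf", "application/pdf"),
    Attachment("accounts@mail-secure-docs.example", "Example Law Group",
               "Invoice_77120_from_Example Law Group.pdf", "application/pdf"),
    Attachment("noreply@shipping.example", "Shipping Desk",
               "Q3_report.xlsx", "application/vnd.ms-excel"),
    Attachment("invoices@examplelawgroup.example", "Example Law Group",
               "Invoice_90001_from_Example Law Group.pdf", "application/x-msdownload"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["severity"].upper(), f["sender"], f["filename"])
        for r in f["reasons"]:
            print("   -", r)
```

The first sample record is flagged for review only because the filename matches the lure; the second and fourth escalate because the sender domain or the declared content type contradicts what a genuine law-firm invoice would look like. In practice the domain heuristic should be backed by an allowlist of law firms the organization actually pays, and the finding routed to the accounts-payable verification step the post describes rather than acted on automatically.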
