It has been reported today that Russian hackers have targeted European government systems ahead of the EU parliament election.According to researchers, two state-sponsored hacking groups, APT28 and Sandworm, used spear phishing — the practice of sending out emails designed to look like they’re from a trusted party — in an attempt to obtain government information.
Anjola Adeniyi, Technical Manager for EMEA at Securonix:
“The attacks on the EU elections are yet another example of phishing being used as a method to obtain sensitive government information and attack high value targets. As a result, it is vital that all EU government employees are empowered to mitigate these scams.
Hackers will carry out reconnaissance on their targets to make their scams look legitimate, so even if employees are confident that an email is genuine, it is better to practice caution and be safe, rather than sorry.
Impersonating a given domain is a common method used for phishing and other malicious activities – DMARC protects against this type of phishing attack, which the European government should consider if it hasn’t already done so.”