Fake Government Emails: TA4903 Targets Businesses

A report by the security firm Proofpoint has unveiled a sophisticated cyber fraud scheme orchestrated by the threat actor TA4903. This group specializes in Business Email Compromise (BEC) attacks and has, over the past few years, launched phishing campaigns under the guise of various U.S. government institutions.

To mask their illicit activities, the cybercriminals pose as the Department of Transportation, the Department of Agriculture, and the Small Business Administration of the United States. The emails they distribute contain malicious PDF attachments with QR codes.

When the QR code is scanned, the victim is redirected to meticulously disguised phishing sites that mimic the official portals of these institutions. Depending on the bait used, users may be directed to counterfeit Office 365 login pages.

Although the TA4903 group has been active since at least 2019, Proofpoint experts have noted a sharp increase in its activity from mid-2023 to the present. In the past, the malefactors utilized the EvilProxy tool to bypass multifactor authentication, but this method has not been observed this year.

TA4903’s motivation is purely financial. Having gained unauthorized access to corporate networks and email accounts, the cybercriminals meticulously scour them for banking details, payment information, and data on trade partners. Based on this information, they conduct BEC attacks, sending fraudulent payment requests or altering payment details on behalf of the compromised accounts.

In several incidents recorded since mid-2023, the attackers have sent emails on behalf of compromised partner organizations that were nearly indistinguishable from authentic ones. Victims were informed about a fictitious cyberattack and advised to update their payment details.

According to Proofpoint, TA4903 poses a significant threat to organizations worldwide, targeting a broad range of entities. Recently, experts have noted a shift in focus from hacking government institutions to targeting small businesses, though it remains unclear whether this is a temporary tactic or the beginning of a new trend.

The complexity of the BEC attack scheme, involving multiple stages, provides organizations with numerous opportunities to detect malicious activity. Nonetheless, a comprehensive multilayered approach to information security remains the most effective means of countering such threats.
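As an added illustration of those detection opportunities (example code written for this article, not Proofpoint's or any vendor's detection logic), the triage function below scores a message against the three stages described: agency impersonation from a non-.gov sender, a PDF attachment carrying a QR code, and a payment-detail change justified by a fictitious cyberattack. The sample messages are constructed, and the `has_qr` flag is assumed to come from a hypothetical upstream attachment scanner.

```python
"""Mail-flow triage heuristics for the TA4903-style BEC chain described above."""
import re
from dataclasses import dataclass, field

# Agencies the campaign was reported to impersonate (display-name match)
IMPERSONATED_AGENCIES = (
    "department of transportation",
    "department of agriculture",
    "small business administration",
)
PAYMENT_CHANGE = re.compile(
    r"(update|change|new)\s+(your\s+)?(payment|bank(ing)?|wire|account)\s+"
    r"(details|information|instructions)", re.I)
CYBERATTACK_PRETEXT = re.compile(r"(cyber\s*attack|security incident|breach)", re.I)


@dataclass
class Message:
    display_name: str
    from_addr: str
    subject: str
    body: str
    # (filename, has_qr); has_qr is assumed to be set by an upstream scanner
    attachments: list = field(default_factory=list)


def sender_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def triage(msg: Message) -> list:
    findings = []
    name = msg.display_name.lower()
    domain = sender_domain(msg.from_addr)
    # Lure stage: claims to be a U.S. agency but the sender domain is not .gov
    if any(a in name for a in IMPERSONATED_AGENCIES) and not domain.endswith(".gov"):
        findings.append("agency-impersonation")
    # Delivery stage: PDF attachment with an embedded QR code
    if any(f.lower().endswith(".pdf") and qr for f, qr in msg.attachments):
        findings.append("pdf-qr-lure")
    # Monetisation stage: payment redirect justified by a claimed incident
    text = f"{msg.subject}\n{msg.body}"
    if PAYMENT_CHANGE.search(text) and CYBERATTACK_PRETEXT.search(text):
        findings.append("bec-payment-redirect")
    return findings


SAMPLES = [  # constructed test messages, not real campaign artefacts
    Message("U.S. Department of Transportation", "grants@dot-notices.example",
            "Bid invitation", "See attached.", [("invitation.pdf", True)]),
    Message("Accounts Payable - Partner Co", "ap@partner.example", "Urgent: banking update",
            "Following a cyberattack on our systems, please update your payment details.", []),
    Message("Jane Doe", "jane@colleague.example", "Lunch", "Noon?", [("menu.pdf", False)]),
]
```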