Phishing Champaign on Cyber Space of Bangladesh
by CIRT Team
A targeted phishing campaign was identified originating from the compromised government/law enforcement email accounts. The attacker leveraged legitimate credentials to gain unauthorized access and send fraudulent emails to a wide range of recipients, primarily within government organizations and law enforcement agencies. This campaign reflects a well-coordinated credential-based phishing operation, targeting critical sectors to exploit trust within intra-government communications.
The phishing emails typically include:
- Embedded phishing links within .jpeg or .png files disguised as document attachments.
- Password-protected .docx files, intended to bypass email security filters.
Most Targeted Sectors:
- Law Enforcement Agencies
- Government Organizations