Phishing campaign against political activists and journalists in Azerbaijan linked to the government


15 January 2020

  • The phishing attempts used fake email addresses of prominent human rights defenders, journalists and members of the Council of Europe and were sent to colleagues and like-minded people.
  • One of the malware samples being spread had the ability to obtain remote access to the victim’s computer.
  • Qurium’s forensics investigation can link the attacker to the Ministry of Internal Affairs (MIA), Azerbaijan.

Between January 6 and January 11, a number of phishing attempts targeting political activists and journalists in Azerbaijan were carried out. The phishing attempts used fake email addresses of prominent human rights defenders, journalists and members of the Council of Europe, and were sent to colleagues and like-minded people.

Qurium has reverse engineered two of the phishing emails, which included download links to malicious files. One of the malware samples could be linked to the email address man474019@gmail.com. Thanks to previously leaked information from a hacker forum, the very same email account could be linked to the IP address 85.132.24.77. In a previous forensic report released by Qurium in 2017, this IP address was traced to the government of Azerbaijan.

A second piece of malware, used in another phishing email, was capable of collecting keystrokes, screenshots, and Wi-Fi credentials from the victim’s computer.

For a complete report, please see Qurium’s forensics report: Fishing Phishers in Azerbaijan

Contacts:
Digital forensics: Tord Lundström, Qurium Media Foundation t@virtualroad.org
Media: Clara Zid, Qurium Media Foundation info@virtualroad.org