Google’s Threat Analysis Group (TAG) released information regarding the newest wave of phishing attacks they detected which target US Government employees and healthcare organizations around the world. TAG identified over a dozen groups believed to be state-sponsored who they saw targeting individuals with a range of phishing emails leading to fake Google login pages designed to steal passwords. One of the phishing messages used an offer of free fast food meals and coupons, supposedly in response to COVID-19, to trick their targets. Google stated they have been working to block the domains that are being shared through these emails with their “safe-browsing” feature. TAG identified Charming Kitten or APT35, the Iranian-backed group as one of the culprits, as well as the South American group, Packrat, which used a spoofed World Health Organization webpage. Likewise, FireEye reported that APT32, an alleged Vietnamese threat actor, tried to compromise the personal and professional email accounts of government workers in China’s Ministry of Emergency Management and the Wuhan government.
When evaluating a Managed Detection & Response (MDR) service there are 5 critical components that