Another phishing campaign called ” Beyond the Grave” targeted international hedge funds on January 9th, 2019. In an announcement presented on Bleeping Computer, the attackers have expressed that they will keep on targeting banking and financial institutions in the future. A part named Xander Bauer has made a post in the Bleeping Computer forums with a title of “Beyond the Grave Virus infecting Hedge Funds”.
This post expresses that their phishing campaign is intended to modify information confidentiality in the targeted hedge funds, yet it isn’t clear whether that will be utilized for the attacker’s financial advantage or to cause market instability for political reasons. Additionally, included as verification is an example of the phishing campaign email with an open window showing the command that executed the phishing kit.
These phishing emails impersonate a legitimate financial research company named Aksia and pretend to be investigating about rumors related to ESMA (European Securities and Markets Authority) stopping short selling during Brexit. Likewise included as confirmation is an example of the phishing campaign email with an open window demonstrating the direction that executed the phishing unit.
These phishing messages imitate a real money related think-tank named Aksia and claim to be appropriate regarding bits of gossip identified with ESMA (European Securities and Markets Authority) stopping short selling amid Brexit. When visiting these URLs, nothing shows up except for a blank page.
It isn’t known whether the payload has been brought down or if this is being done intentionally to trap the victims into further discussing further with the attackers. Therefore, it is very important for all email users to always check the legitimacy of an url before clicking on it.
This should be possible by basically setting off the root of the URL, which in this case is https://www.aksia.co, and they would have seen a blank page, which should be suspicious. Additionally, completing a search for Aksia would have revealed different domain than the one in the email.
BleepingComputer has reached most of the organizations targeted by this phishing campaign, Aksia, Palantir, FireEye, and the attacker who posted the information, but have only heard back from Marshall Wace at this time.