The sophisticated phishing attacks send emails masked as each receivers' respective government agencies, (or in a few cases, procurement and logistic firms) with unique lures to enter their usernames and passwords. Each spoofing email is crafted in the native language of the target with plausible, relevant content that would prompt a click through to a document which then leads to a phishing site where they would then enter their credentials.
Countries targeted include the United States, Canada, China, Australia and Sweden. The investigative firm Anomali has so far uncovered 62 domains and 122 phishing websites. The culprits behind this 'persistent' campaign are still unknown.
Like the email and document lures, the phishing website is designed to look like the real one used by the agency or company that's being targeted. These websites have legitimate names, information and documents used by the target in an effort to appear more authentic and avoid suspicion by the user.