The sophisticated phishing attacks send emails masked as each receivers' respective government agencies, (or in a few cases, procurement and logistic firms) with unique lures to enter their usernames and passwords. Each spoofing email is crafted in the native language of the target with plausible, relevant content that would prompt a click through to a document which then leads to a phishing site where they would then enter their credentials. 

Countries targeted include the United States, Canada, China, Australia and Sweden. The investigative firm Anomali has so far uncovered 62 domains and 122 phishing websites. The culprits behind this 'persistent' campaign are still unknown.