Bezbedan Balkan
Incident in Croatia - email sent from pmg.med.bg.ac.rs


Incident in Croatia - email sent from pmg.med.bg.ac.rs - kernel_priest - 07-12-2024

First, the domain HZZO . HR has no SPF or DMARC, meaning nothing at all.
Second, mail messages with an attachment ({name} . tar) were sent from the above-mentioned pmg med bg ac rs SMTP server.

I find it interesting because it means someone is using a server in Serbia to spoof an email address from Croatia, and in doing so they are sending phishing to various email addresses in Croatia.

They will send me the contents of the attachment, and then I will report the details.
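
As an added example (not part of the original post): the absence of SPF and DMARC noted above can be assessed from a domain's TXT records. The function names are hypothetical, and every domain and record in `SAMPLES` is constructed, so the code runs offline.

```python
# Added example: classify SPF/DMARC posture from TXT records (constructed data).
def spf_posture(txt_records):
    """'missing', 'invalid', 'permissive', 'softfail' or 'enforcing'."""
    spf = [r.lower().split() for r in txt_records
           if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    if len(spf) > 1:  # RFC 7208: multiple SPF records are a permanent error
        return "invalid"
    for term in spf[0][1:]:
        if term.lstrip("+-~?") == "all":
            return {"-": "enforcing", "~": "softfail"}.get(term[0], "permissive")
    return "permissive"  # no "all" term (redirect= is not followed here)

def dmarc_policy(txt_records):
    """(policy, pct) from the TXT records at _dmarc.<domain>, else (None, 0)."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return (None, 0)
    tags = {}
    for part in recs[0].split(";")[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("p") not in ("none", "quarantine", "reject"):
        return (None, 0)
    return (tags["p"], int(tags["pct"]) if tags.get("pct", "").isdigit() else 100)

def assess(domain_txt, dmarc_txt):
    spf = spf_posture(domain_txt)
    policy, pct = dmarc_policy(dmarc_txt)
    if policy in ("quarantine", "reject"):
        verdict = "protected" if pct == 100 else "partially protected"
    elif spf == "enforcing":
        verdict = "envelope sender only"  # SPF alone ignores the visible From:
    else:
        verdict = "spoofable"
    return {"spf": spf, "dmarc": policy, "pct": pct, "verdict": verdict}

SAMPLES = {  # constructed records: (TXT at domain, TXT at _dmarc.domain)
    "no-records.example": (["site-verification=constructed"], []),
    "monitor-only.example": (["v=spf1 include:_spf.mail.example ~all"],
                             ["v=DMARC1; p=none; rua=mailto:d@monitor-only.example"]),
    "enforced.example": (["v=spf1 ip4:192.0.2.10 -all"], ["v=DMARC1; p=reject"]),
}

if __name__ == "__main__":
    for name, (txt, dmarc) in SAMPLES.items():
        print(name, assess(txt, dmarc))
```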


RE: Incident in Croatia - email sent from pmg.med.bg.ac.rs - milos_rs - 04-02-2025

A detailed analysis of this campaign:

Impersonating Government Agencies To Deliver Infostealers - The HZZO Example

Quote: First, the sender: it appears the attacker is leveraging legitimate but poorly maintained email services at regional internet service providers (often bundled with web hosting). These include government institutions and private internet service providers. For example, one such campaign originated from the Faculty of Medicine at the University of Belgrade, in this case the service being run by the Academic research network of Serbia - AMRES