Incident in HR - email sent from pmg.med.bg.ac.rs
#1
First, the domain HZZO . HR has no SPF or DMARC - so, nothing.
Second, mail messages with an attachment ({name} . tar) were sent from the above-mentioned pmg med bg ac rs SMTP server.

I find it interesting because someone is using a server in Serbia to spoof an email address from Croatia, and in doing so they are sending phishing to various email addresses in HR.

They will send me the contents of the attachment, and then I will report the details.


#2
A detailed analysis of this campaign:

Impersonating Government Agencies To Deliver Infostealers - The HZZO Example

Quote:First, the sender: it appears the attacker is leveraging legitimate but poorly maintained email services at regional internet service providers (often bundled with web hosting). These include government institutions and private internet service providers. For example, one such campaign originated from the Faculty of Medicine at the University of Belgrade, in this case the service being run by the Academic research network of Serbia - AMRES