Tuesday , February 18 2025
.gov

.Gov Domains Weaponized in Phishing Surge

A recent report from Cofense Intelligence highlights a concerning trend: threat actors are increasingly misusing .gov top-level domains (TLDs) to execute phishing campaigns. Between November 2022 and November 2024, attackers have leveraged vulnerabilities in government websites from various countries to host malicious content, act as command-and-control (C2) servers, and funnel users to credential phishing sites.

Source: cofense.com

Attackers are exploiting trust in .gov domains by using open redirect vulnerabilities, especially through CVE-2024-25608 in the Liferay digital experience platform. This allows them to evade secure email gateways and lure victims into clicking malicious links.

150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

Indian government and educational websites, along with reputable financial brands, have experienced SEO poisoning, causing user traffic to be redirected...
Read More
150 Gov.t Portal affected  Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

The Cyber Threat Intelligence Unit of BGD e-GOV CIRT has found 600 vulnerable PRTG instances in Bangladesh, affected by the...
Read More
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru

Amazon Web Services (AWS) has been named in an FIR after a builder claimed damages to the tune of Rs...
Read More
Builder claims Rs 150 cr for data loss;  AWS faces FIR In Bengaluru

CISA Warns Active Exploitation of Apple iOS Security Flaw

CISA has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, known as CVE-2025-24200, which...
Read More
CISA Warns Active Exploitation of Apple iOS Security Flaw

Massive IoT Data Breach Exposes 2.7 Billion Records

A major IoT data breach has exposed 2.7 billion records, including Wi-Fi network names, passwords, IP addresses, and device IDs....
Read More
Massive IoT Data Breach Exposes 2.7 Billion Records

SonicWall Firewall Auth Bypass Vulnerability Exploited in Wild

A serious authentication bypass vulnerability in SonicWall firewalls, called CVE-2024-53704, is currently being exploited, according to cybersecurity firms. The increase...
Read More
SonicWall Firewall Auth Bypass Vulnerability Exploited in Wild

AMD Patches High-Severity SMM Vulns Affecting EPYC and Ryzen Processors

AMD has released security patches for two high-severity vulnerabilities in its System Management Mode (SMM). If exploited, these could let...
Read More
AMD Patches High-Severity SMM Vulns Affecting EPYC and Ryzen Processors

Lazarus Group Unleashes New Malware Against Developers Worldwide

Lazarus Group has initiated a complex global campaign aimed at software developers and cryptocurrency users. Operation Marstech Mayhem uses the...
Read More
Lazarus Group Unleashes New Malware Against Developers Worldwide

Daily Security Update Dated : 15.02.2025

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated : 15.02.2025

Salt Typhoon to target Bangladeshi Universities, One identified

RedMike (Salt Typhoon) targeted university devices in Bangladesh, likely to access research in telecommunications, engineering, and technology, especially from institutions...
Read More
Salt Typhoon to target Bangladeshi Universities, One identified

Attackers often exploit open redirect vulnerabilities, where a web application allows users to input a URL for redirecting them to an external site. The Cofense report states: “Threat actors regularly take advantage of open redirects such as Google AMP and TikTok to bypass secure email gateways (SEGs), and .gov domains are similarly abused.”

Source: cofense.com

Threat actors use .gov URLs in phishing emails to exploit trust in government domains, tricking users into clicking links that lead to fake Microsoft login pages for credential theft.

“The campaigns abusing United States-based .gov domains for open redirects were all Microsoft-themed with the credential phishing page typically including Microsoft logos and indicators.”

U.S. government .gov domains made up only 9% of abused domains but were still the third most exploited globally. All instances of abuse involved open redirects. The report notes that: “Over 77% of the open redirects used made use of ‘noSuchEntryRedirect,’ making it likely that the United States-based government websites also fell prey to CVE-2024-25608.”

Source: cofense.com

Brazil’s .gov.br domains were the most targeted globally, exceeding the combined totals of the next three countries. However, the report indicates this may be due to a few specific domains being targeted repeatedly, rather than all Brazilian government websites facing widespread attack.

The ability of .gov domains to bypass security email gateways is concerning. Major email security solutions like Microsoft ATP, Proofpoint, Cisco IronPort, Symantec MessageLabs, and Mimecast failed to filter phishing emails that misuse government open redirects.. “This is a good indicator of how successful .gov domains are at bypassing SEGs.”

Attackers often create phishing emails that appear to be about document signing or legitimate business requests. Many users trust government websites and fail to check the full URL, making them easy victims of redirection-based phishing.

Cofense Intelligence found that, in addition to phishing, some .gov domains were abused by cybercriminals using compromised government email addresses as command and control servers for malware. In mid-2023 and early 2024, these emails were used for Agent Tesla Keylogger and StormKitty malware.

The report indicates that only two government email addresses were exploited, showing that while email security in government is generally strong, it is not completely safe from attacks.

Emerging Phishing Threat in Bangladesh’s Cyber Space

Check Also

SMM

AMD Patches High-Severity SMM Vulns Affecting EPYC and Ryzen Processors

AMD has released security patches for two high-severity vulnerabilities in its System Management Mode (SMM). …

Leave a Reply

Your email address will not be published. Required fields are marked *