A third Vidar-focused campaign targeting PEC emails has been detected within a month, distributing the Vidar malware via compromised PEC accounts. The messages impersonate an overdue invoice and threaten legal action, with a link that downloads a malicious JavaScript file. #Vidar #PEC
Keypoints
- Third Vidar campaign detected within a month targeting PEC emails.
- Fraudulent emails urge payment of a supposed overdue invoice.
- Emails contain links that download malicious JavaScript files.
- Over 12,000 malicious email addresses have been blocked by PEC managers.
- IoCs related to the campaign have been shared via CERT-AgID's IoC Feed.
- Recipients are advised to be cautious with suspicious PEC communications.
MITRE Techniques
- [T1566.002] Phishing - Spearphishing Link - "Fraudulent emails contain links to download malicious files."
- [T1203] User Execution - "Malicious JavaScript file is executed when the link is clicked."
Indicators of Compromise
- [URL] IoC download - https://cert-agid.gov.it/wp-content/uploads/2024/09/vidar_pec_03-09-2024.json
- [Email Address] Campaign-related addresses - over 12,000 addresses blocked by PEC managers
Read more: https://cert-agid.gov.it/news/vidar-insiste-in-italia-con-campagne-via-pec/