SCAM OF THE MONTH: Advanced Attacks from APT35


November 29, 2021

A cybercriminal group known as APT35 has been targeting high-profile organizations in government, journalism, higher education, and more. For a more convincing attack, APT35 compromises legitimate websites that work with these high-profile organizations.

Once they’ve compromised a website, APT35 uses the website to send phishing emails to their targets. For example, in one attack APT35 sent emails with phony invitations to an upcoming webinar. These invitations included a link to the compromised website. If you clicked on the link, you were brought to a registration page. On this page, you would be asked to sign up using your email credentials. APT35 wants you to hand over your credentials so that they can gain access to your account, personal information, and eventually your organization. 

Use the tips below to recognize similar advanced attacks:

  • When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain multiple spelling or grammatical errors.
  • Never click a link in an email that you weren’t expecting. Even if you recognize the email sender, consider what the link is for and why it was included in the email.
  • When in doubt, contact the sender by phone or in-person to confirm the legitimacy of the email.

Stop, Look, and Think. Don’t be fooled.

We're Integris. We're always working to empower people through technology.

Keep reading

Strong Cybersecurity Postures: How to Unleash their Power

Strong Cybersecurity Postures: How to Unleash their Power

In the vast digital landscape where virtual dragons and sneaky trolls roam a strong cybersecurity posture has never been more important. Imagine a band of modern-day knights led by our protagonist, Alex. Armed with a trusty laptop and a cup of coffee, Alex navigates...

How to Spot a Phishing Attack in 2023

How to Spot a Phishing Attack in 2023

In 2023 cyber threats lurk behind every tree trunk in today's digital jungle, and cybersecurity awareness is more critical than ever. Among the craftiest of these threats are phishing attacks. Phishing attacks are cunningly engineered with social manipulation at their...

How to Choose an IT Consultant in Boulder, CO

Regardless of industry size or type, Boulder IT consultants play a massive role in the way companies in the Boulder area do business. While most companies may have their own in-house IT department, many of these departments are small and cannot handle all the...