Japanese businesses are being bombarded with millions of phishing messages
Date:
Wed, 07 May 2025 11:22:00 +0000
Description:
A Chinese threat actor is on the hunt for login credentials and system data.
FULL STORY ======================================================================
Proofpoint observes notable spike in phishing emails targeting Japanese businesses
The emails are being sent out via a kit called CoGUI
The researchers attributed the attack to a Chinese-speaking threat actor
Threat actors are flooding Japanese businesses with phishing attacks, and are using a unique phishing kit framework called CoGUI to do it.
Cybersecurity researchers Proofpoint say they have observed a notable
increase in high-volume Japanese language campaigns using CoGUI in the wild
in October 2024, before starting to track it in December of the same year.
"The campaigns typically include a high volume of messages, with counts
ranging from hundreds of thousands to tens of millions per campaign, with an average of approximately 50 campaigns per month campaigned by our
researchers," Proofpoint explained.
Millions of messages
The campaign peaked in January 2025, when 172 million messages were sent out.
The attackers were mostly pretending to be Amazon, PayPal, or Rakuten, but other brands were abused, as well. Japan was, by far, the most targeted country, but Proofpoint also said that there were victims in Australia, New Zealand, Canada, and the United States.
The goal of the campaign was to steal people's login credentials and system information. That data includes the geographical location of the IP address, language configuration of the browser, browser type and version, monitor height and width, OS, and the type of device used (mobile, desktop, laptop).
Proofpoint added that the kit cannot grab 2FA codes, but still described it as sophisticated, with advanced evasion techniques such as geofencing, header fencing, and fingerprinting.
These allowed the threat actors to focus on specific geographies, while evading most of today's security measures.
The researchers attributed the attacks to a Chinese-speaking threat actor
that mainly targets Japanese language speakers in Japan.
The best way to defend against these attacks remains the same - to use common sense, and slow down when reading and responding to email messages.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/japanese-businesses-are-being-bombarded-with-millions-of-phishing-messages
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)