The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued an alert regarding a sophisticated spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs). They note a sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact, a legitimate email marketing software company, to spoof a U.S.-based government organization and distribute links to malicious URLs. CISA and FBI have not determined that any individual accounts have been specifically targeted by this campaign. The alert contains information on tactics, techniques, and procedures (TTPs) and malware associated with this campaign. CISA and FBI urge governmental and international affairs organizations and individuals associated with such organizations to adopt a heightened state of awareness and implement the recommendations in the Mitigations section of this advisory. Access the alert at CISA or below.

With the release of the alert, they acknowledge recent open-source reporting attributing this activity to APT29. Also known as Nobelium, Microsoft released an alert on a new campaign by this group late last week, which WaterISAC reported on in an advisory sent to members on Friday. However, CISA and FBI report they are investigating this activity and have not attributed it to any threat actor at this time.