Combatting a phishing campaign targeting Belgian citizens

Jeroen Gui

Phishing attacks have become increasingly sophisticated in recent years, with cybercriminals employing techniques such as geo-restrictions to evade detection. At JustGuard, we recently encountered a phishing campaign that stood out due to its complexity and its target: the Belgian government login portal (https://csam.be). Here’s how we identified, mitigated, and dismantled this malicious operation.

Detection Through Phishing Kit Fingerprinting

The attack was first flagged in the JustGuard admin portal after a new phishing kit fingerprint was added to our database. This fingerprinting process, which leverages a combination of fuzzy hashes and resource comparisons, enabled us to detect the campaign’s cloning of the legitimate Belgian government portal.

Upon investigation, we uncovered over 150 malicious domains involved in the campaign. These domains were being used to deceive users into entering sensitive information, potentially leading to significant personal and financial harm.
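The combination of a fuzzy hash and a resource comparison described above can be illustrated as follows. This is an added example, not JustGuard's implementation and not code from the original post: it assumes SimHash as the fuzzy hash and Jaccard overlap of referenced resource paths as the resource comparison, and the sample pages, function names, equal weighting and 0.8 threshold are all constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlparse

# Constructed sample markup (not taken from the real portal or from any kit).
REFERENCE = """<html><head><title>Government login</title>
<link rel="stylesheet" href="/assets/css/main.css">
<script src="/assets/js/auth.js"></script></head><body>
<nav><a href="/help">Help</a><a href="/privacy">Privacy</a></nav>
<h1>Sign in to online public services</h1>
<form action="/login"><input name="user"><input name="token"></form>
<img src="/assets/img/logo.svg"></body></html>"""
# Constructed clone: same files copied to relative paths, form posts to a different script.
CLONE = REFERENCE.replace('="/', '="').replace('action="login"', 'action="log.php"')
UNRELATED = """<html><head><title>Bakery</title>
<script src="https://cdn.example/shop.js"></script></head>
<body><h1>Fresh bread daily</h1><img src="/photos/loaf.jpg"></body></html>"""

def simhash(html, bits=64):
    """SimHash over 3-token shingles: pages with similar markup get hashes that differ in few bits."""
    tokens = re.findall(r"[a-z0-9]+", html.lower())
    shingles = {" ".join(tokens[i:i + 3]) for i in range(len(tokens) - 2)}
    weights = [0] * bits
    for s in shingles:
        h = int.from_bytes(hashlib.sha256(s.encode()).digest()[:8], "big")
        for b in range(bits):
            weights[b] += 1 if (h >> b) & 1 else -1
    return sum(1 << b for b in range(bits) if weights[b] > 0)

def resources(html):
    """Referenced resource paths with scheme and host stripped, so a re-hosted copy still matches."""
    refs = re.findall(r'(?:src|href)\s*=\s*["\']([^"\']+)', html, re.I)
    return {urlparse(r).path.lstrip("/") for r in refs}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def kit_score(reference, candidate, bits=64):
    """Equal-weight blend (an assumption) of hash similarity and resource overlap, in [0, 1]."""
    fuzzy = 1 - bin(simhash(reference) ^ simhash(candidate)).count("1") / bits
    shared = jaccard(resources(reference), resources(candidate))
    return round(0.5 * fuzzy + 0.5 * shared, 3)

def is_clone(reference, candidate, threshold=0.8):
    return kit_score(reference, candidate) >= threshold

if __name__ == "__main__":
    for name, page in (("clone", CLONE), ("unrelated", UNRELATED)):
        print(name, kit_score(REFERENCE, page), is_clone(REFERENCE, page))
```
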

Key Indicators of Compromise (IOCs)

Below are some examples of URLs that were identified as part of this phishing campaign:

These domains were part of the infrastructure used to deceive victims into divulging sensitive information.

A Coordinated Takedown Effort

Once the malicious domains were identified, we immediately initiated the takedown process:

  • Server and domain suspensions: The infrastructure hosting the phishing sites was disabled.
  • Account blocking: Associated accounts were locked to prevent further exploitation.
  • Warning pages: Alert pages were deployed to inform users attempting to access the fraudulent sites.

Collaboration with Namecheap

A critical element of our success in this operation was the swift collaboration with Namecheap, Inc. Their team acted promptly, working closely with us to disable a significant number of the malicious domains in just a few hours. This partnership underscores the importance of collaboration in cybersecurity.

Why Teamwork Matters in Cybersecurity

Cybersecurity is not a solo endeavor—it’s a collective effort. This campaign reinforced what we at JustGuard believe to be one of the most rewarding aspects of the field: teamwork. Whether it’s working with domain registrars like Namecheap, or within our own team of dedicated professionals, collaboration is key to protecting users from cyber threats.

Stay Vigilant Against Phishing

As phishing tactics evolve, it’s crucial to stay informed and vigilant. At JustGuard, we’re committed to identifying and neutralizing threats before they cause harm. If you’re looking for a reliable partner in cybersecurity, reach out to us to learn how we can help protect your organization and customers.

Together, we can create a safer digital world.


JustGuard: Your first line of defense against phishing and cyber threats.