Hackers posing as members of the U.S. Computer Emergency Readiness Team are emailing feds using the bogus sender address SOC@US-CERT.GOV, according to federal officials.
The real U.S. CERT -- we think -- issued an alert saying that today it began receiving reports of a phishing campaign that uses spoofed US-CERT email addresses to apparently target federal, state, and local governments, as well as many private sector organizations. The fake messages contain an attachment, but the alert does not say whether the file is malicious or what it does to a person's computer. Phishing emails typically install viruses when opened or they direct users to enter personal information for a seemingly legitimate, but actually fraudulent, purpose.
According to the real US-CERT officials, the subject of this message is "Phishing incident report call number: PH000000XXXXXXX." The name of the attachment is "US-CERT Operation Center Report XXXXXXX.zip," with the "X" possibly indicating a random value or string. The attachment executes a file with the name "US-CERT Operation CENTER Reports.eml.exe."
The instigators also are using other invalid email addresses, according to officials.
The alert advises that computer users immediately delete the email without opening the message or any of its attachments.
Criminals and U.S. adversaries are usually blamed for such attacks. Last week, an Internet security researcher reported that China-based attackers have been sending federal agencies and contractors infected emails about drones apparently to spy on U.S. intelligence matters. That phishing campaign used email addresses from military and other government organizations, said AlienVault Labs manager Jaime Blasco, who was not at liberty to specify the addresses.