When you hear about the Red Cross, what first comes to mind? Is it donating blood and plasma? Is it disaster relief and recovery? Do you have some kind of personal story that goes along with the organization?
So in many ways, it makes sense that a threat actor who relies on social engineering techniques would try to capitalize on the Red Cross’s good reputation to trick victims into sharing personal information.
What Happened to the Red Cross?
In late September 2023, an advanced persistent threat (APT) group dubbed “AtlasCross” sent their victim pool an attachment called Blood Drive September 2023.docm.
Inside lay a file titled Become a Blood Donor, which secretly kick-started a malware .PKG in the background. Just like that, the victims’ desire to do good backfired on their private data. AtlasAgent, as the trojan was dubbed, would then begin stealing user information and system data.
What is an Advanced Persistent Threat?
Known commonly as APT, these threats encompass any sophisticated, long-term, and undetected hack on your system. By remaining secretive, these bad actors are able to steal sensitive data over a prolonged period of time. They are known for being quite patient and persistent, so they can remain in a network for months or even YEARS without detection!
APT groups often target specific organizations or industries for long-term espionage or sabotage, and use sophisticated tools to evade traditional security controls. That’s why advanced protection is so important against advanced persistent threats!
Once they have access to a network, APT attackers have something of a carte blanche; they can move laterally within the network, escalate their privileges and steal sensitive data with ease. In the case of the Red Cross, the software allowed AtlasCross to harvest information about the victims.
Why Phish as the Red Cross?
Threat actors often use “masks” of large organizations to increase their likely victim pool; in this case, the lure is doubled by using a charitable organization as a cover. Phishing scams often rely on powerful emotions like goodwill, guilt, pity and fear to create a sense of urgency around their request. It makes sense that these amoral threat actors might choose the Red Cross as a mask!
This is why it is so critical to beware of attachments, even when you THINK they are coming from somebody that you trust.
Whenever possible, go through the organization’s main site in a separate tab to ensure you are communicating with the real team on secure channels. NEVER send private information through insecure channels!
Avoid Getting Hooked By Phishers!
- Be suspicious of any email that asks for personal information. Legitimate companies will not ask for your personal information via email.
- Hover over links before you click on them. This will show you the actual URL that the link goes to. If the URL does not match the website that the link is supposed to go to, do not click on it.
- Be careful about opening attachments. Only open attachments from people you know and trust. If you are unsure about an attachment, do not open it.
- Keep your software up to date. Software updates often include security patches that can help protect you from phishing attacks.
If you are unsure about an email or attachment, it is always best to err on the side of caution! Delete the message or verify the sender before doing anything else. Together, we can keep the Internet a safer place to surf.