Who Crossed the Red Cross?

November 3, 2023

Introduction

When you hear about the Red Cross, what first comes to mind? Is it donating blood and plasma? Is it disaster relief and recovery? Do you have some kind of personal story that goes along with the organization?

So in many ways, it makes sense that a threat actor who relies on social engineering techniques would try to capitalize on the Red Cross’s good reputation to trick victims into sharing personal information.

What Happened to the Red Cross?

In late September 2023, an advanced persistent threat (APT) group deemed “AtlasCross” sent their victim pool an attachment called Blood Drive September 2023.docm.

Inside there lay a file titled Become a Blood Donor, which secretly kickstarted a malware .PKG in the background. Just like that, the victims’ desire to do good backfired on their private data. AtlasAgent, as the trojan was dubbed, would then begin stealing user information and system data.

What is an Advanced Persistent Threat?

Known commonly as APT, these threats encompass any sophisticated, long-term, and undetected hack on your system. By remaining secretive, these bad actors are able to steal sensitive data over a prolonged period of time. They are known for being quite patient and persistent, so they can remain in a network for months or even YEARS without detection!

APT groups often target specific organizations or industries for long-term espionage or sabotage, and use sophisticated tools to evade traditional security controls. That’s why advanced protection is so important against advanced persistent threats!

Once they have access to a network, APT attackers have something of a carte blanche; they can move laterally within the network, escalate their privileges and steal sensitive data with ease. In the case of the Red Cross, the software allowed AtlasCross to harvest information about the victims.

Why Phish as the Red Cross?

Threat actors often use “masks” of large organizations to increase their likely victim pool; in this case, the lure is doubled by using a charitable organization as a cover. Phishing scams often rely on pivotal emotions like goodwill, guilt, pity and fear to create a sense of urgency around their proposal. It makes sense that these amoral threat actors might choose the Red Cross as a mask!

This is why it is so critical to beware of attachments, even when you THINK they’re coming from somebody that you trust.

Whenever possible, go through the organization’s main site in a separate tab to ensure you are communicating with the real team on secure channels. NEVER send private information through insecure channels!

Avoid Getting Hooked By Phishers!

  • Be suspicious of any email that asks for personal information. Legitimate companies will not ask for your personal information via email.
  • Hover over links before you click on them. This will show you the actual URL that the link goes to. If the URL does not match the website that the link is supposed to go to, do not click on it.
  • Be careful about opening attachments. Only open attachments from people you know and trust. If you are unsure about an attachment, do not open it.
  • Keep your software up to date. Software updates often include security patches that can help protect you from phishing attacks.

If you are unsure about an email or attachment, it is always best to err on the side of caution! Delete the message or verify the sender before doing anything else. Together, we can keep the Internet a safer place to surf.
