Conrad Longmore of Dynamoo’s Blog has analyzed the emails

Nov 5, 2013 10:55 GMT

Conrad Longmore of Dynamoo’s Blog has spotted an interesting spam campaign that leverages the name and reputation of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE).

The emails are entitled “Information Security Audit” and they read something like this:

“I am writing to inform you that NATO Cooperative Cyber Defence Centre of Excellence conducted an information security audit of the network infrastructure of your organization. It was carried out as part of exercise Steadfast Jazz 2013.

Our specialists have obtained access to the private network and the administration panel of the website of your organization. The level of information security of your organization does not meet the requirements of NATO cyber security guidelines.

It is strongly recommended that you pay attention to this fact. For more information you should contact NATO Cooperative Cyber Defence Centre of Excellence.”

So what’s so mysterious about these emails? They look legitimate, they appear to come from a valid CCDCOE.org email address, and the contact details they contain are genuine. They don’t contain any links or attachments.

Yet, they’re not genuine. The email analyzed by Longmore was sent to a target in Estonia, where the CCDCOE has its headquarters.

The logo used in the email is outdated. Although it has been spoofed to appear as if it’s coming from Estonia, the message was actually sent from an IP address associated with a Caucasus Online LLC ADSL subscriber in Georgia. The IP in question, 213.157.216.139, appears to be a botnet node.
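One way a mail administrator can recover the true originating address the way the analysis above does, as an added Python example that is not from the original article or from Dynamoo’s Blog: it walks the Received chain of a constructed message newest hop first, trusts only the hops recorded by the recipient’s own relays, and flags a From domain whose origin IP is not among its known senders. The relay names mx.example.net and mail.example.org and the known-sender list are assumptions; in practice the allowed IPs would come from the sender domain’s SPF record.

```python
import email
import email.utils
import re
from email import policy
from typing import Dict, Optional, Set

# Constructed sample, not the real message: From claims ccdcoe.org, while the
# hop our own relay recorded shows the IP named in the article.
SAMPLE = b"""\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.net with ESMTP; Tue, 5 Nov 2013 09:10:00 +0000
Received: from ccdcoe.org (unknown [213.157.216.139])
\tby mail.example.org with SMTP; Tue, 5 Nov 2013 09:09:55 +0000
From: "NATO CCDCOE" <info@ccdcoe.org>
To: target@example.net
Subject: Information Security Audit
"""

# Relays we operate (constructed): only Received lines they added are trusted.
TRUSTED_MTAS = {"mx.example.net", "mail.example.org"}

# "from <helo> (<rdns> [<ip>]) by <host>": the HELO name is chosen by the client,
# so only the bracketed IP and the name the receiving relay resolved are used.
HOP_RE = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def originating_ip(raw: bytes) -> Optional[str]:
    """Newest hop first: return the IP of the first hop that came from outside."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for hdr in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(str(hdr).split()))
        if not m:
            continue
        rdns, ip, by_host = m.groups()
        if by_host not in TRUSTED_MTAS:
            return None  # this hop was not recorded by us: stop trusting the chain
        if rdns not in TRUSTED_MTAS:
            return ip    # the client that connected to our relay was external
    return None

def claimed_domain(raw: bytes) -> str:
    msg = email.message_from_bytes(raw, policy=policy.default)
    _, addr = email.utils.parseaddr(str(msg["From"]))
    return addr.rpartition("@")[2].lower()

def assess(raw: bytes, known_senders: Dict[str, Set[str]]) -> Dict[str, object]:
    """known_senders maps a domain to IPs allowed to send for it (constructed)."""
    origin, domain = originating_ip(raw), claimed_domain(raw)
    spoofed = origin is not None and origin not in known_senders.get(domain, set())
    return {"origin": origin, "domain": domain, "spoofed": spoofed}
```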

The expert says he hasn’t yet figured out what the purpose of these fake emails is. However, it’s possible that there’s a second part out there that can shed more light on the matter.

Interestingly, on Monday, a group of hackers defaced a number of Ukrainian government websites with a logo of the CCDCOE and a message that referenced the Steadfast Jazz 2013 exercise.