December 12, 2019

Anomali Threat Research Team Identifies Widespread Credential Theft Campaign Aimed at U.S. and International Government Agency Procurement Services

Hidden Adversary Ran Short Term Campaign

REDWOOD CITY, Calif., — Thursday, Dec. 12 — Anomali, a leader in intelligence-driven cybersecurity, today published a new report from the Anomali Threat Research Team: Phishing Campaign Targets Login Credentials of Multiple U.S., International Government Procurement Services.

The research identified numerous phishing sites designed to steal credentials from victims at 22 government procurement services agencies and several private businesses. Targeted organizations in the United States included the U.S. Department of Energy, U.S. Department of Commerce, U.S. Department of Veterans Affairs, U.S. Department of Transportation, and the U.S. Department of Housing and Urban Affairs. Private enterprises targeted included DHL International and China-based SF-Express.

To execute the campaign, adversaries sent lure documents via phishing emails containing links to spoofed phishing sites masquerading as legitimate login pages. Victims duped into following the phishing email link would then be invited to log in. Anyone who fell victim to the adversaries would have provided them with their credentials.

Anomali researchers have not identified the threat actors. Researchers say the method used is consistent with a persistent attack. Adversaries hosted the spoofed phishing site domains in Turkey and Romania. The campaign is currently dormant.

The full report can be accessed here. Identified Indicators of Compromise (IOCs) have been integrated directly into Anomali Altitude customers’ security infrastructures to enable faster and more automated detection, blocking, and response. For more information on how Anomali customers gain integrated access to threat research, click here.

About Anomali

Anomali® delivers intelligence-driven cybersecurity solutions. Anomali Altitude™ platform solutions include Anomali ThreatStream®, Anomali Match™, and Anomali Lens™. Private enterprises and public organizations use Anomali to harness threat data, information, and intelligence to make effective cybersecurity decisions that reduce risk and strengthen defenses. The Anomali partner program provides access to threat feeds from all layers of the web and delivers seamless integrations into leading security infrastructure technologies. The Anomali Threat Research Team provides actionable threat intelligence that helps customers, partners and the overall security community to detect and mitigate the most serious threats to their organizations. Anomali customers include more than 350 global organizations, many of the Global 2000 and Fortune 500, and large government and defense organizations around the world. Founded in 2013, it is backed by leading venture firms including GV, Paladin Capital Group, Institutional Venture Partners, and General Catalyst. Learn more at


Joe Franscella
News Media Relations