Over the last 24 hours, CYFIRMA Threat Intelligence has gathered information indicating that financially motivated, Chinese-speaking cybercriminals are developing infrastructure to stage phishing campaigns that sell fake Tokyo 2020 Olympics merchandise. These phishing emails abuse the Tokyo 2020 Olympics brand and target English- and Spanish-speaking populations.
Earlier Observations:
On 20th August 2018, the CYFIRMA Threat Intelligence team issued an early warning of a Tokyo Olympic-themed phishing/smishing campaign. Mandarin- and Russian-speaking attackers were found colluding on a major data exfiltration campaign that installs an interceptor malware executable via a phishing link or attachment.
On 4th September 2018, CYFIRMA gathered substantial evidence around the launch of the first of the five phishing campaigns.
On 19th September 2018, CYFIRMA gathered intel on hackers having launched the second phishing campaign.
The CYFIRMA Risk Rating for this Out of Band Notification is: HIGH
CTI has gathered additional Indicators of Compromise pertaining to a possible future attack and continues to monitor and assess the situation. You are advised to take precautionary measures.