BlueVoyant identifies novel threat actor campaign using fake law firm invoices to launch phishing attacks
GUEST RESEARCH: BlueVoyant’s Threat Fusion Center (TFC) recently flushed out a cyber attack campaign targeting a diverse array of organizations by exploiting the inherent trust associated with legal services.
We have dubbed the campaign “NaurLegal” and believe it is orchestrated by the eCrime group Narwhal Spider (aka Storm-0302, TA544).
Campaign detailsThe attackers disguise malicious PDF files as authentic-looking invoices from reputable law firms, a tactic designed to deceive recipients across various industries. The NaurLegal Campaign leverages the guide of legitimacy by crafting PDF files with convincing file names such as “Invoice_[number]_from_[law firm name].pdf.” This strategy plays on the routine expectation…