TA4903 Spoofing Government Entities and SMBs for Financial Gain

Summary:

TA4903, a financially motivated threat actor, conducts high-volume email campaigns targeting U.S. organizations for credential phishing and business email compromise (BEC). They spoof various U.S. government agencies and private businesses, employing tools like EvilProxy and incorporating QR codes into phishing campaigns. TA4903’s evolving tactics include expanding BEC themes to small and medium-sized businesses, indicating a persistent and adaptable threat.

Threat Level – Red | Actor Report

For a detailed threat advisory, download the pdf file here

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.