CERT-EU‘s Threat Landscape Report 2023 reveals a concerning trend of spear phishing campaigns targeting organizations based in the EU. These campaigns leverage EU political and diplomatic events to lure unsuspecting victims into clicking on malicious attachments or links. Threat actors impersonate EU entities and public administrations to enhance the credibility of their phishing attempts.
The report emphasizes that while specific organizations weren’t necessarily targeted, individuals and entities involved in EU affairs were the primary focus. Notably, industries such as diplomacy, defense, and transport were among the most targeted sectors. Moreover, the report underscores emerging tactics, including the use of instant messaging apps and social media for spear phishing.
As the EU elections of May 2024 approach, there’s growing concern about spear phishing operations being used to fuel information operations. Cyber espionage remains a significant motivation for these attacks, with China and Russia being the primary actors. Despite ransomware remaining a prevalent threat, no significant breaches affecting Union entities were reported in 2023.
Reference:
