SocGholish Finds Success Through Novel Email Techniques

Researchers at Proofpoint revealed more technical details about SocGholish, the malware variant they identified earlier this month, highlighting its noteworthy tactics that differ from traditional phishing campaigns.

According to a Proofpoint blog post Tuesday, SocGholish deviates from the norm by forgoing all the classic staples of modern phishing, such as instilling a sense of urgency, promises of rewards, and misdirection. Instead, researchers found that SocGholish is leveraged in email campaigns with injections on sites, mainly targeting organizations with extensive marketing campaigns or strong Search Engine Optimization.

“[SocGholish] really is sophisticated. I do not like to use the word ‘sophisticated’ when it comes to threats in general, but this actor [along with] its development lifecycle and various techniques really are head and shoulders above other actors,” Andrew Northern, senior threat researcher at Proofpoint, said during a virtual event on Tuesday.

Drew Schmitt, managing security consultant and lead analyst at GuidePoint Security, expanded on that point, telling SC Media in an email that SocGholish hasn’t been observed using this attack vector before, and their email-based attacks combined with download style infections “is unique in the sense that it explicitly avoids having characteristics that the average user would be able to detect and identify.”

Proofpoint first tweeted about SocGholish attacks on November 2, disclosing that the malware has infected over 250 U.S. news sites. The company said it observed intermittent injections in a media company that serves content through JavaScript to its partners. The threat actor, tracked by Proofpoint as TA569,

