News about Colonial Pipeline Attack Used As A Lure by Hackers


Security researchers say criminals are creating new phishing campaigns that exploit the notoriety of the Colonial Pipeline attack.

Attackers commonly theme phishing emails around well-known events to trick recipients into clicking links and opening other suspicious content.

Customers of the cybersecurity firm INKY reported receiving emails that warned them about the ransomware attack against Colonial Pipeline and urged them to download updates to prevent the same thing from happening to them.

The links were hosted on NameCheap domains with convincing names such as ms-sysupdate.com and selectivepatch.com. The attackers used the same domains both to send the emails and to host the download pages.

The attackers used the target company's images and logos to make the fake websites look more convincing. Clicking the download button fetched a file named "Ransomware_Update.exe" onto the victim's computer, which was in fact a Cobalt Strike payload.

Cobalt Strike was the second most prevalent threat detected by Red Canary in 2021.

INKY says it began seeing this phishing campaign about a month after the pipeline company paid the DarkSide group millions of dollars in ransom.

“In this environment, phishers tried to exploit people’s anxiety, offering them a software update that would ‘fix’ the problem via a highly targeted email that used design language that could plausibly be the recipient’s company’s own,” Alibe wrote. “All the recipient had to do was click the big blue button, and the malware would be injected.”

The attackers also made their emails look as though they had been sent by the recipient's own company, which let them capitalize on the fear surrounding ransomware.

“If it looks as if it was sent by the company itself (e.g., from HR, IT or Finance), does it in fact originate from an email server under the company’s control? If it looks like the HR or IT Departments but deviates from the norm, that should be a flag,” the blog post said.

Alibe said IT teams should expect more attacks like this one:

“We would not be surprised if we see attackers use the recent Nobelium-USAID phishing campaign as a lure,” Alibe said.

About the author

CIM Team
