Spear-phishing with FreeMilk

Olivia Storey

A directed spear phishing campaign, dubbed FreeMilk, was discovered in May. It targeted specific individuals with carefully constructed, customised emails.

Spear phishing is an email attack directed at a specific organisation or individual. It gives the attacker a way to gather information about the target, usually for financial gain, or to obtain personal or company information.

The emails usually appear to come from a trusted source, for example a well-known company or website such as Google, PayPal, or iTunes.

The success of spear phishing relies on the apparent ‘trusted source’, as users are far more likely to trust a reputable source. If the information within the email supports its validity, and the request in the email has a reasonable explanation, e.g. ‘click here to view your documents’, then the recipient is more likely to click through to the infected documents.

These particular spear phishing emails are believed to have come from compromised email accounts in North East Asia. The threat actor has hijacked existing conversations, posing as the legitimate sender to send malicious spear phishing emails to the recipients.

Upon successful exploitation, the malicious document delivers two malware payloads: PoohMilk and Freenki, hence FreeMilk. The targeted victims include a Middle Eastern bank, a trademark and intellectual property company based in Europe, an international sporting organisation and individuals in North East Asia.

This technique of spear phishing is by far the most successful form of attack on the internet today.

Mark James, ESET IT Security Specialist, explains how to spot a spear phishing email, and the best way to avoid being caught out by one.

“Sadly anyone can be the victim of a spear-phishing campaign.

“It could be the result of a fake alert from something you know, or an email tailored in such a way to make you think you are already a victim, thus giving you an opportunity to stop or negate any damage already sustained. 

“By following the link or downloading the file, you are then the target, and therefore potentially the victim. 

“One of the best ways of stopping these attacks from being successful is education and training.

“Internet security software can help stop a percentage of the malware getting through, but educating the user on what to look out for, or the current forms of attack can certainly enforce the layered defence structure.

“When the attack is targeted it’s often harder to combat.

“The malicious software is often tailored to identify certain markers in its environment, and if all correct will then proceed to infect and compromise.

“Using resources like spam filters, patches, encryption, endpoint and server security software along with threat intelligence can and will help you to stay safe.”
