Anomali has discovered a phishing campaign that works by stealing login credentials from government procurement, email and courier services worldwide.
The security company said Tuesday the credential harvesting threat has targeted the departments of Energy, Commerce, Urban Housing and Development, Veterans Affairs and Transportation.
Attackers have sent phishing emails that contained links of fake websites posing as official login pages and spoofed online portals for organizations that facilitate buying services for the governments of Maryland, Canada, Mexico, Peru, Australia, Sweden and South Africa.
Anomali’s threat research group determined host locations for the spoofed site domains in Romania and Turkey.
The identities of threat actors behind the campaign are still unclear, the company noted.