On May 25, 2021, Volexity identified a phishing campaign targeting multiple organizations based in the United States and Europe. The following industries have been observed being targeted thus far:

- NGOs
- Research Institutions
- Government Agencies
- International Agencies

The campaign’s phishing e-mails purported to originate from the USAID government agency and contained a malicious link that resulted in an ISO file being delivered. This file contained a malicious LNK file, a malicious DLL file, and a legitimate lure referencing foreign threats to the 2020 US Federal Elections. This blog post provides details on the observed activity and outlines possible justification that this campaign could be related to APT29.

Phishing Email Campaign

The original e-mails looked like the following:

Figure 1. Phishing e-mails sent to numerous organizations

Volexity also observed a smaller campaign from the same sender with largely the same content several hours earlier, but with the subject line “USAID Special Alert!”. […]