SafeBreach Hacker's Playbook Updated for US-CERT Alert AA20-225A Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails
US Cert Alerts
SafeBreach Labs has updated the Hacker's Playbook™ with new simulations for IOCs described in US-CERT Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails (AA20-225A).
This alert addresses a new phishing campaign that targets users for loan relief of COVID-19 from the U.S. Small Business Administration. The malicious emails contain a link to a spoofed website, presenting a fake login page for SBA’s Economic Disaster Loan Portal, for the purpose to steal credentials.
SafeBreach Labs has updated the Hacker’s PlaybookTM to ensure these malicious emails are blocked and outbound C2 communication is prevented.
The new attack methods for US-CERT AA20-225A are already in the SafeBreach Hacker’s Playbook and ready to be run across your simulators. The Known Attack Series report is being updated so you can run just the specific attacks from this US-CERT alert. From the Known Attack Series report, select the US-CERT Alert AA20-225A (SBA Covid-19) report and there is an option to Run Simulations that will run all the attack methods.