Subj : Japanese businesses are being bombarded with millions of phishing To : All From : TechnologyDaily Date : Wed May 07 2025 12:30:07 Japanese businesses are being bombarded with millions of phishing messages Date: Wed, 07 May 2025 11:22:00 +0000 Description: A Chinese threat actor is on the hunt for login credentials and system data. FULL STORY ======================================================================Proofpoi nt observes notable spike in phishing emails targeting Japanese businesses The emails are being sent out via a kit called CoGUI The researchers attributed the attack to a Chinese-speaking threat actor Threat actors are flooding Japanese businesses with phishing attacks, and are using a unique phishing kit framework called CoGUI to do it. Cybersecurity researchers Proofpoint say they have observed a notable increase in high-volume Japanese language campaigns using CoGUI in the wild in October 2024, before starting to track it in December of the same year. The campaigns typically include a high-volume of messages, with counts ranging from hundreds of thousands to tens of millions per campaign, with an average of approximately 50 campaigns per month campaigned by our researchers, Proofpoint explained. Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data. It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats. Preferred partner ( What does this mean? ) View Deal Millions of messages The campaign peaked in January 2025, when 172 million messages were sent out. The attackers were mostly pretending to be Amazon, PayPal, or Rakuten, but other brands were abused, as well. Japan was, by far, the most targeted country, but Proofpoint also said that there were victims in Australia, New Zealand, Canada, and the United States. The goal of the campaign was to steal peoples login credentials , and system information. That data includes the geographical location of the IP address, language configuration of the browser, browser type and version, monitor height and width, OS, and the type of device used (mobile, desktop, laptop). Proofpoint added the kit cannot grab 2FA code, but still described it as sophisticated, with advanced evasion techniques such as geofencing, header fencing, and fingerprinting. These allowed the threat actors to focus on specific geographies, while evading most of todays security measures. The researchers attributed the attacks to a Chinese-speaking threat actor that mainly targets Japanese language speakers in Japan. The best way to defend against these attacks remains the same - to use common sense, and slow down when reading and responding to email messages. You might also like What is phishing and how dangerous is it? Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/japanese-businesses-are-being-bombarded -with-millions-of-phishing-messages --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .