VERY IMPORTANT

Anomali Labs researchers recently discovered a phishing site masquerading as a login page for the United Nations (UN) Unite Unity, a single sign-on (SSO) application used by UN staff. When visitors attempt to login into the fraudulent page, their browser is redirected to an invitation for a film viewing at the Poland Embassy in Pyongyang dated September 2018. Further analysis of the threat actor’s infrastructure uncovered a broader phishing campaign targeting several email providers, financial institutions, and a payment card provider. We expect to see malicious actors continue to target the United Nations staff as well as the listed brands and their users with faux login pages designed to pilfer their user credentials for resale on criminal forums and marketplaces and in the case of financial accounts to steal payment card information.