VERY IMPORTANT

The Anomali Threat Research Team discovered a phishing site impersonating a login page for the Ministry of Foreign Affairs of the People's Republic of China email service. When visitors attempt to login to the fraudulent page, they are presented with a pop-up verification message asking users to close their windows and continue browsing. Further analysis of the threat actor’s infrastructure uncovered a broader phishing campaign targeting other government sites and state-owned enterprises in China. One of the domains uncovered during the investigation was identified by the Chinese security vendor “CERT 360” as being part of the “BITTER APT” campaign in May 2019. Anomali has identified further attempts by the actor to target the government.