Based on monitoring conducted and incident notifications received by the Computer Incident Response Center of the State Service of Special Communication and Information Security of the Republic of Azerbaijan, a mass phishing email campaign targeting email addresses belonging to various government agencies within the “AzStateNet” network has been identified.
This was reported to Modern.az by the Electronic Security Service (National CERT).
According to the information, the attack scenario, based on social engineering methods aimed at creating a sense of fear and urgency among citizens, aims to induce victims to fulfill certain demands through fake notifications and attached documents.
During the investigation, it was determined that in the initial phase of the attack scenario, an email titled “Notification of the Necessity of Criminal Investigation” was sent from an email address appearing legitimate, and in the subsequent phase, correspondence with the victim continued, allegedly presenting demands that create legal responsibility and financial obligation. Analyses revealed that the mentioned campaign was built more on elements of psychological pressure, manipulation, and abuse of trust rather than malicious links or files.
A detailed investigation into the aforementioned incident was conducted by the Center's Malware Research Laboratory.
“Citizens are once again advised not to panic when encountering such situations, to carefully check the source of sent emails, and not to respond immediately to suspicious notifications. It is especially important to be cautious with messages sent on behalf of official bodies that create legal responsibility, fines, or demands for urgent action, and in such cases, to verify the information by directly contacting the relevant institutions. At the same time, if suspicious emails and attachments are discovered, reporting them to information security officers and relevant institutions is crucial for the timely prevention of cyber threats,” the ESS stated in its information.
