FCC staff targeted in phishing attack that cloned agency login site

The Federal Communications Commission on Friday confirmed it was the subject of a phishing operation that deployed a fake login page used by staff to authenticate their credentials.

The cloned site, known as a phishing kit, was constructed by hackers who duplicated a legitimate login webpage from identity management vendor Okta, aiming to deceive users into entering in their private account information. It was discovered by cloud security firm Lookout, who announced the findings on Thursday.

“The FCC was aware of this fake website and took measures to address it,” said agency spokesperson Will Wiquist. “Beyond that, we will decline to comment about FCC security measures.”

The phishing kit, designated as CryptoChameleon, has mainly targeted cryptocurrency exchange platforms used by Binance and Coinbase employees, where fraudulent text messages and voice calls were used to personally reach targets to build a false sense of trust with them.

“This has resulted in a high success rate, leading to the collection of quality data, including usernames, passwords, password reset URLs and even photo IDs,” Lookout said, noting that the phishing operation has also successfully forged sites which use authentication offerings from Outlook and Google.

“Hundreds of victims” have been impacted by the CryptoChameleon phishing operation, the company said. 

The phishing group is one of many that tries to siphon login credentials to legitimate platforms, allowing them direct access into accounts where they can pilfer funds and use that information to infiltrate victims’ other accounts.

Lookout noted the CryptoChameleon group deploys similar tactics used by the ScatteredSpider criminal group that became the subject of high-profile casino hacks last year, but said there are enough differences found by analysts to indicate it could be a different cybercrime gang altogether.