The baits and documents in a persistent phishing campaign that targets U.S. government contractors have grown significantly. Attackers are currently asking for bids on lucrative government projects and sending the recipients to phishing sites that imitate official federal agency portals.
The communications now employ a number of tricks, such as enhanced phishing web page behavior and the removal of artifacts that exposed fraud in earlier iterations of the attached PDF.
A step has been added to the Captcha Challenge to ensure that they do not log bot input because threat actors are also attempting to persuade visitors to enter their Microsoft Office 365 account information.
Threat actors have been doing this since January 2022 by attaching PDFs that provide instructions for submitting bids for projects from the US Department of Labor. The operatives have expanded their reach and are now pretending to be the Department of Commerce and Transportation.