Bolster has been actively monitoring reports of Venezuelan Government's apparent involvement in hacking its own citizens through phishing. Bolster's product CheckPhish.ai has been a key element in this investigation since the very beginning, when a security researcher Jose-Luis Rivas, broke the story via a series of tweets. Since then, the story has been picked up several news channels like Espacio Público (Venezuela) and Motherboard (US) providing more details.
CheckPhish noticed a huge spike in traffic as soon as Jose-Luis Rivas shared his research on Twitter.
While CheckPhish gets visitors from over 150 countries a week, this traffic spike from Venezuela was so big that it ranked second in most used sessions by country, as seen in the Google Analytics image below.
It all started with a domain gmail[.]web[.]ve that went live on August 16, 2018. CheckPhish detected it as a phishing site when the creators attempted registering for SSL certification. Below is the original screenshot and details of that scan.
Screenshot of gmail[.]web[.]ve on August 16 2018
On Feb 13 2019, Jose-Luis Rivas published tweets with links from CheckPhish showing details of past phishing domains associated with IP address 18.104.22.168.
En este reporte, por ejemplo, del 16 de agosto de 2018, pueden ver cómo hay incluso una captura de pantalla donde se ve que imitan al sitio web de Gmail https://t.co/0FZHFvm8sS— Jose-Luis Rivas (@joseluisrivas) February 13, 2019
Associated with this IP address, voluntariovenezuela[.]com was the first phishing domain to be uncovered during the investigation by security researchers. This was targeting a site voluntariosxvenezuela.com, which was set up on February 4, 2019 for international humanitarian donations to Venezuela.
Following these events, CheckPhish identified additional hosts linked to firstname.lastname@example.org - the contact email listed in WHOIS records of all domains in these attacks.
This research is ongoing and we'll be publishing more details on this blog post as we gather them.
CheckPhish is a free AI powered zero-day phishing and counterfeit website detection system. If you come across a suspicious links, we advise you to scan it through checkphish.ai before accessing it.