Yesterday I came back from a weekend in Latvia and now I have come across an attack on Artea, a Lithuanian bank… The Baltics are calling me 🙂
Matrix has identified a series of patterns that have allowed them to quickly identify the various domains involved:
- banklithuanial.net
- lithuaniabankasl.net
- arteasite-login.net
- arteabankslogin.net
- italyingbank.net
One of the sites used for the attack on Artea hosts an attack on ING Italia based on a variant of the same kit.
The kit is simple but decently done.
The comments are in Russian and the Telegram tokens used to transmit the stolen credentials are these:
- 7621096866:AAFW8cGs93gcFPbpFmyK-mMJKTYYLp4ENwg
- 7764061568:AAGVrwI8IukR8kqgjn_mEqywmHHtE3RJywE
Emiliano Carlesi's blog 