Attention: IT vulnerability targeting Computer Services (CS) employees

June 22, 2021 - Defence Stories

The Canadian Forces Network Operations Centre (CFNOC) recently discovered a “watering hole targeting Computer Systems (CS) employees within the Government of Canada.

A “watering hole attack” is a malicious cyber activity employed by an actor that leverages social engineering to target a specific group of people. The actor attempts to entice the targeted group to browse to an apparently legitimate website and have them download a malicious file. The objective of these activities is to take control of the user’s device to steal their personal information, information on government networks, and/or leverage their device as part of a larger compromise.

In this instance, CFNOC identified that the domain “hxxp://slaspaportcast[.]com/cs-group-collective-agreement/” hosted a zip file, which contained a malicious javascript file. This link appears in the top Google searches when a user is searching for the CS Collective Agreement and is not an official outlet to obtain this information. Once identified, CFNOC moved to block this domain from all DND/CAF networks. No DND/CAF system was compromised as a result of this vulnerability.

DND/CAF employees and specifically those in the CS community are asked to be extra vigilant when looking for information online. If you suspect that your DND provided device (laptop, smartphone) has been compromised, you are advised that you contact your local or regional service desk. If you believe a personal device, or personal information has been compromised, please visit the Canadian Centre for Cyber Security (CCCS) (accessible only on the National Defence network) website and follow the incident management process for “Cybercrime” and “scams, fraud, and phishing”.

Users are encouraged to talk to their Information Systems Security Officers (ISSO) should they have questions concerning this vulnerability.

Page details

Date modified: