- Proofpoint observes a notable peak in phishing emails targeting Japanese companies
- Emails are sent via a kit called Cogui
- Researchers attributed the attack to a Chinese threat actor
Threat actors are flooding Japanese companies with phishing attacks, using a unique phishing kit called Cogui to do so.
Proofpoint cybersecurity researchers said they observed a “notable increase” in high-volume Japanese campaigns using Cogui in the wild in October 2024, before starting to track it in December of the same year.
“Campaigns generally include a high volume of messages, with counts ranging from hundreds of thousands to tens of millions per campaign, with an average of around 50 campaigns per month observed by our researchers,” said Proofpoint.
Millions of messages
The campaign culminated in January 2025, when 172 million messages were sent.
The attackers mainly impersonated Amazon, PayPal or Rakuten, but other brands were also abused. Japan was by far the most targeted country, but Proofpoint also said that there were victims in Australia, New Zealand, Canada and the United States.
The objective of the campaign was to steal people’s identification information and system information. These data include the geographical location of the IP address, the configuration of the browser language, the type and version of the browser, the monitor height and width, the operating system and the type of device used (mobile, desktop, laptop).
Proofpoint added that the kit cannot capture 2FA codes, but still described it as “sophisticated”, with advanced evasion techniques such as geofencing, header fencing and fingerprinting.
These allowed the threat actors to focus on specific geographies while evading most of today’s security measures.
Researchers have attributed the attacks to a Chinese threat actor who mainly targets Japanese-language speakers in Japan.
The best way to defend yourself against these attacks remains the same: using common sense and slowing down when reading and responding to emails.