Phishing Scam Targets World Agricultural Cycling Competition Participants: A Detailed Analysis

In a recent discovery, researchers have uncovered a sophisticated phishing scam targeting participants of the World Agricultural Cycling Competition (WACC). The scam, which cleverly mimics the official WACC website, aims to deceive users into downloading malicious software.

The phishing site, hosted at “wacc[.]photo,” closely resembles the legitimate WACC website, making it challenging for users to discern the fraud. Launched shortly after the conclusion of the WACC in France, the scam entices users with promises of exclusive event photos in a bid to increase successful phishing attacks.

According to Cyble Research and Intelligence Labs (CRIL), the deceptive site tricks users into downloading a ZIP file containing shortcut files disguised as image files. When executed, these shortcuts initiate a complex infection chain leading to the deployment of a Havoc Command and Control (C2) framework.

The Havoc C2 framework attempts to establish a connection with an Azure Front Door domain, redirecting to the actual Command and Control server for further malicious activities. The phishing site also contains an open directory with various malware payloads, indicating a strategic approach by the threat actor.

To protect against such phishing scams, organizations and individuals are advised to verify website legitimacy, conduct regular cybersecurity training, restrict PowerShell execution, and utilize advanced endpoint protection solutions. Monitoring network traffic is also crucial in detecting unusual patterns that may indicate malicious activity.

The World Agricultural Cycling Competition scam serves as a reminder of the evolving tactics used by cybercriminals to target unsuspecting individuals and organizations, highlighting the importance of staying vigilant and implementing robust cybersecurity measures.