CoGUI cyberattacks exploit US tariff concerns.
I’m not going to call them social engineers as that implies a level of professionalism, but criminal actors love to exploit high-profile news topics as a way to get people to fall for their scams and cyberattacks. We’ve seen it recently with DOGE-trolling $1 trillion ransomware hackers, and the appalling exploitation of the death of Pope Francis. It was only a matter of time before the cybercriminal phishing gangs exploited the global furore surrounding President Trump’s tariff policy, but that time is most certainly now. Here’s what you need to know about the CoGUI phishing kit attacks.
The CoGUI Cyberattacks Explained
California-based cybersecurity company Proofpoint knows a thing or two about cyberattack campaigns. Staying on top of the latest threat intelligence helps it protect customers, after all. So, when Genina Po, Kyle Cucci, Selena Larson and the Proofpoint threat research team warn that the highest-volume threat in its attack campaign database is a phishing kit by the name of CoGUI, you had better pay attention.
CoGUI has similarities to the Darcula threat that has been using brand impersonation to target victims globally. However, while both are used by Chinese-speaking attackers, Proofpoint said, CoGUI has targeted users in Australia, Canada, New Zealand, and the U.S., but primarily, it is Japan that has been hit with millions of phishing messages in the most recent cyberattack campaigns.
“Japanese authorities recently published details about an increase in phishing activity targeting financial organizations,” Proofpoint confirmed, adding that the campaigns have spiked since the Trump tariff announcements, and “some CoGUI campaigns have used tariff-themed lures.”
CoGUI uses techniques such as geofencing and browser fingerprinting to evade detection and has been observed deploying an average of 50 campaigns per month. Now, that might not sound too bad until you learn that each campaign can encompass tens of millions of messages sent to potential victims.
Mitigating The CoGUI Cyberattacks
With the CoGUI cyberattack determined to steal your usernames, passwords and financial information, it’s imperative that you mitigate the risk of becoming another victim. Although the current campaign appears to be mostly targeting Japanese victims, we already know that CoGUI has a broader geographic hit list, so that can change very quickly indeed. This is especially true considering that Proofpoint has said it is likely that CoGUI is being deployed “by multiple different threat actors.”
Proofpoint recommended the following mitigation tactics:
- Do not immediately click any links to combat the dangerous lures that conjure up a sense of urgency in the user. “Visit the official website of the service, and log into your account to further investigate,” Proofpoint advised.
- Employ two-factor authentication and, where available, passkeys or physical security keys.
When it comes to any cyberattack, but especially those involving phishing to relieve you of your credentials and data, always think twice and click never.