A sophisticated phishing framework known as CoGUI has emerged as a significant threat, primarily targeting organizations in Japan with millions of phishing messages since October 2024. According to Proofpoint's analysis, while Japanese organizations remain the primary target, several campaigns have also been observed targeting users in Australia, New Zealand, Canada, and the United States.

Central to its evasion strategy is sophisticated browser profiling that collects information including the geographical location of IP addresses, browser language configurations, browser type and version, screen dimensions, operating system platform, and device type. When a potential victim visits a CoGUI phishing page, the kit first evaluates whether the browser meets its targeting criteria. For instance, if the phish is spoofing "Amazon.co.jp" and the visitor fails verification, the visitor is seamlessly redirected to the legitimate Japanese Amazon website, leaving no trace of the attempted attack. Beyond just usernames and passwords, the phishing kit is designed to capture payment card details, creating significant financial risk for victims.

This sophisticated approach to victim targeting and sandbox evasion, combined with geofencing and headers fencing techniques, demonstrates why CoGUI has been so successful in its campaigns, and why Proofpoint assesses it is likely being used by multiple Chinese-speaking threat actors primarily targeting Japanese-language speakers.
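For defenders, the profile check and redirect to the legitimate site described above is itself a detection signal: a URL scanner that visits a reported link under several browser profiles can flag links whose outcome depends on the profile. The sketch below is an added example, not code from Proofpoint or the original article; the record fields, `.test` hostnames and profile values are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed scanner output: one record per visit of a reported URL under a
# given browser profile. Field names, hosts and profiles are assumptions.
CRAWLS = [
    {"url": "https://acct.phish.test/v", "lang": "ja-JP", "geo": "JP",
     "device": "mobile", "final_url": "https://acct.phish.test/v/signin"},
    {"url": "https://acct.phish.test/v", "lang": "ja-JP", "geo": "JP",
     "device": "desktop", "final_url": "https://acct.phish.test/v/signin"},
    {"url": "https://acct.phish.test/v", "lang": "en-US", "geo": "JP",
     "device": "mobile", "final_url": "https://www.amazon.co.jp/"},
    {"url": "https://acct.phish.test/v", "lang": "ja-JP", "geo": "US",
     "device": "mobile", "final_url": "https://www.amazon.co.jp/"},
    {"url": "https://short.test/x", "lang": "ja-JP", "geo": "JP",
     "device": "mobile", "final_url": "https://news.test/story"},
    {"url": "https://short.test/x", "lang": "en-US", "geo": "US",
     "device": "desktop", "final_url": "https://news.test/story"},
]
ATTRS = ("lang", "geo", "device")

def host(url):
    return (urlsplit(url).hostname or "").lower()

def find_profile_gated(crawls):
    """Flag URLs that keep some profiles on their own host but send others away."""
    by_url = defaultdict(list)
    for rec in crawls:
        by_url[rec["url"]].append(rec)
    findings = {}
    for url, recs in by_url.items():
        served = [r for r in recs if host(r["final_url"]) == host(url)]
        bounced = [r for r in recs if host(r["final_url"]) != host(url)]
        if not served or not bounced:
            continue  # same outcome for every profile, e.g. a plain redirect
        # An attribute looks gating when every served visit shares one value
        # and at least one bounced visit differs from it.
        required = {}
        for attr in ATTRS:
            values = {r[attr] for r in served}
            if len(values) == 1 and any(r[attr] not in values for r in bounced):
                required[attr] = values.pop()
        findings[url] = {
            "bounce_hosts": sorted({host(r["final_url"]) for r in bounced}),
            "required": required,
        }
    return findings
```

A finding whose bounce host is the brand being impersonated, together with a narrow `required` profile, is a strong reason to re-scan the link with a matching profile before marking it clean.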
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 08 May 2025 04:00:00 +0000