[Security Attack Warning] Social Engineering Attack Notice: Please strengthen your defenses against social engineering email attacks that impersonate the Executive Yuan's Legal Affairs Committee and claim to be revising the Regulations Governing the Management and Use of the Employment Stabilization Fund.

 
2026/2/3 ~ 2026/8/3

Forwarded from National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-400-202601-00000012

[Content Description]
The Cybersecurity Academy recently received external intelligence that attackers are using the pretext of "amending Article 5 of the Regulations Governing the Custody and Use of the Employment Stabilization Fund" to send social engineering phishing emails containing malicious download links, tricking recipients into clicking the phishing links and downloading malicious files.

It is recommended to strengthen defenses and notify all units to stay vigilant: do not open emails sent by these email accounts, and do not click their phishing links or open their attachments, to avoid being compromised. The known characteristics of the attack-related emails are as follows:
1. Sending accounts used by the hacker: "executive_yuan@boitedebijou.com.tw", "executive-yuan@boitedebijou.com.tw"
2. Subject: "Amendment to Article 5 of the 'Regulations Governing the Custody and Use of the Employment Stabilization Fund'"
3. Related malicious link: hxxps://www[.]boitedebijou[.]com[.]tw/Mns/populace/EYG/e_detail[.]do?metaid=162736&accesskey_c=3447
4. Malicious file names: "1140202422A.rar", "1140202422A.chm"
5. Related malicious relay station: 79[.]108[.]224[.]222
6. Malicious file SHA1 hash values: 73281aa5a69f2d39aa5f6e08868073a24020d677, 599217201b4db537db681a21d6115d33289eb965

Note: Related domain names are separated by "[.]" to avoid accidental triggering of connections.

[Affected Platforms]
N/A

[Recommended Measures]
1. Network administrators should refer to the intrusion detection indicators above and confirm that firewalls have been updated to block the malicious relay stations.
2. It is recommended to be vigilant about suspicious emails, verify the authenticity of email sources, and not open emails and attachments from unknown sources.
3. Install antivirus software and keep its virus definitions up to date. Before opening any file, scan email attachments with antivirus software and confirm the file type. If the file name contains unusual character sequences (such as lnk, rcs, exe, moc, etc., which are executable file extensions written in reverse order), be vigilant.
4. Strengthen internal communication and improve personnel's cybersecurity awareness to prevent hackers from using email for social engineering attacks.
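
The following is an added example, not part of the original alert: a Python check that restores the defanged indicators listed above and matches them against mail-gateway records, and also applies the file-name check from measure 3. The record layout (sender, urls, attachments) and the Unicode bidirectional-control test are assumptions of this example, and the sample records are constructed.

```python
import re

# Indicators copied from the alert above, kept in their defanged form.
SENDERS = {"executive_yuan@boitedebijou.com.tw", "executive-yuan@boitedebijou.com.tw"}
BAD_HOSTS = {"www[.]boitedebijou[.]com[.]tw", "79[.]108[.]224[.]222"}
FILE_NAMES = {"1140202422a.rar", "1140202422a.chm"}
SHA1S = {"73281aa5a69f2d39aa5f6e08868073a24020d677",
         "599217201b4db537db681a21d6115d33289eb965"}
# Reversed strings from measure 3; the bidi-control check is this example's assumption.
REVERSED = ("lnk", "rcs", "exe", "moc")
BIDI = re.compile("[\u202a-\u202e\u2066-\u2069]")

def refang(text):
    """Undo defanging: '[.]' -> '.', leading 'hxxp' -> 'http'."""
    return re.sub(r"^hxxp", "http", text.replace("[.]", "."), flags=re.I)

HOSTS = {refang(h) for h in BAD_HOSTS}
def host_of(url):
    m = re.match(r"https?://([^/:?#]+)", refang(url.strip()), re.I)
    return m.group(1).lower() if m else ""

def suspicious_name(name):
    stem = name.rsplit(".", 1)[0].lower()  # part before the final extension
    return bool(BIDI.search(name)) or stem.endswith(REVERSED)

def triage(record):
    """Return sorted reasons a mail record matches the alert; [] means no match."""
    hits = set()
    if record.get("sender", "").strip().lower() in SENDERS:
        hits.add("sender")
    if any(host_of(u) in HOSTS for u in record.get("urls", [])):
        hits.add("url")
    for att in record.get("attachments", []):
        if att.get("name", "").lower() in FILE_NAMES:
            hits.add("file_name")
        if att.get("sha1", "").lower() in SHA1S:
            hits.add("sha1")
        if suspicious_name(att.get("name", "")):
            hits.add("reversed_extension")
    return sorted(hits)

# Constructed sample records (not real gateway logs).
SAMPLES = [
    {"sender": "Executive-Yuan@boitedebijou.com.tw",
     "urls": ["hxxps://www[.]boitedebijou[.]com[.]tw/Mns/populace/EYG/e_detail[.]do?metaid=162736&accesskey_c=3447"],
     "attachments": [{"name": "1140202422A.rar", "sha1": "73281AA5A69F2D39AA5F6E08868073A24020D677"}]},
    {"sender": "hr@example.org", "urls": ["https://example.org/a"],
     "attachments": [{"name": "notice\u202excod.scr", "sha1": "0" * 40}]},
]
```

Calling triage() on each record returns the matched indicator types; a "reversed_extension" hit on its own is a prompt for manual review, not proof that the message belongs to this campaign.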

[Reference]
Attachment - Social Engineering Attacks_IOC: https://cert.tanet.edu.tw/pdf/social_ioc_0128.csv
