- ProofPoint observes a notable increase in phishing emails aimed at Japanese companies
- Electronic emails are sent through a kit called COGUI
- The researchers attributed the attack on a Chinese speech threat actor
Threat actors are flooding Japanese companies with phishing attacks, and are using a unique phishing kit called Cogui to do so.
Cybersecurity researchers, proof, say they have observed a “remarkable increase” in high -volume Japanese language campaigns using COGUI in nature in October 2024, before starting to track it in December of the same year.
“Campaigns generally include a high volume of messages, with counts ranging from hundreds of thousands to tens of millions per campaign, with an average of approximately 50 campaigns per month that campaigned for our researchers,” Proofpoint explained.
Millions of messages
The campaign reached its maximum point in January 2025, when 172 million messages were sent.
The attackers intended to be Amazon, Paypal or Rakuten, but were also abused from other brands. Japan was, with much, the most objective country, but ProofPoint also said there were victims in Australia, New Zealand, Canada and the United States.
The target of the campaign was to steal the session credentials of people and system information. These data include the geographical location of the IP address, the navigator language configuration, the type of browser and the version, height and width of the monitor, the operating system and the type of device used (mobile, desktop, laptop).
Proofpoint added that the kit cannot take the 2FA code, but still described it as “sophisticated”, with advanced evasion techniques such as geofencing, header fences and digital footprints.
These allowed the threat actors to focus on specific geographies, while evading most of today’s security measures.
The researchers attributed attacks on a Chinese -speaking threat actor who is mainly addressed to Japanese languages in Japan.
The best way to defend themselves against these attacks remains the same: use common sense and reduce speed when reading and responding to email.
