- Proofpoint observes notable spike in phishing emails targeting Japanese businesses
- The emails are being sent out via a kit called CoGUI
- The researchers attributed the attack to a Chinese-speaking threat actor
Threat actors are flooding Japanese businesses with phishing attacks, and are using a unique phishing kit framework called CoGUI to do it.
Cybersecurity researchers Proofpoint say they have observed a “notable increase” in high-volume Japanese language campaigns using CoGUI in the wild in October 2024, before starting to track it in December of the same year.
“The campaigns typically include a high-volume of messages, with counts ranging from hundreds of thousands to tens of millions per campaign, with an average of approximately 50 campaigns per month campaigned by our researchers,” Proofpoint explained.
Millions of messages
The campaign peaked in January 2025, when 172 million messages were sent out.
The attackers were mostly pretending to be Amazon, PayPal, or Rakuten, but other brands were abused, as well. Japan was, by far, the most targeted country, but Proofpoint also said that there were victims in Australia, New Zealand, Canada, and the United States.
The goal of the campaign was to steal people’s login credentials, and system information. That data includes the geographical location of the IP address, language configuration of the browser, browser type and version, monitor height and width, OS, and the type of device used (mobile, desktop, laptop).
Proofpoint added the kit cannot grab 2FA code, but still described it as “sophisticated”, with advanced evasion techniques such as geofencing, header fencing, and fingerprinting.
These allowed the threat actors to focus on specific geographies, while evading most of today’s security measures.
The researchers attributed the attacks to a Chinese-speaking threat actor that mainly targets Japanese language speakers in Japan.
The best way to defend against these attacks remains the same – to use common sense, and slow down when reading and responding to email messages.
Leave a comment