---
title: "You’ll Never Guess Who’s Behind the Latest Phishing Attacks | Phish Protection"
description: "You"
image: "https://phishprotection.com/og/blog/youll-never-guess-whos-behind-the-latest-phishing-attacks.png"
canonical: "https://phishprotection.com/blog/youll-never-guess-whos-behind-the-latest-phishing-attacks/"
---

Quick Answer

You might think that phishing emails from these “third world” countries would be unsophisticated and easy to detect. You’d be wrong. First North Korea. According to the Digital Journal, “Several U.S. businesses have been targeted by a campaign seemingly to originate from North Korea and using the tactic of spear-phishing. The cyber-assault is sophisticated, using legitimate documents as the targets.”

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fyoull-never-guess-whos-behind-the-latest-phishing-attacks%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=You%E2%80%99ll%20Never%20Guess%20Who%E2%80%99s%20Behind%20the%20Latest%20Phishing%20Attacks&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fyoull-never-guess-whos-behind-the-latest-phishing-attacks%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fyoull-never-guess-whos-behind-the-latest-phishing-attacks%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fyoull-never-guess-whos-behind-the-latest-phishing-attacks%2F&title=You%E2%80%99ll%20Never%20Guess%20Who%E2%80%99s%20Behind%20the%20Latest%20Phishing%20Attacks "Share on Reddit") [ ](mailto:?subject=You%E2%80%99ll%20Never%20Guess%20Who%E2%80%99s%20Behind%20the%20Latest%20Phishing%20Attacks&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fyoull-never-guess-whos-behind-the-latest-phishing-attacks%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/10/phishing-prevention-best-practices-2207.jpg) 

Would you believe North Korea, Nigeria and Egypt?

_You might think that **phishing emails** from these “third world” countries would be unsophisticated and easy to detect. You’d be wrong._

First North Korea. According to the[ Digital Journal](http://www.digitaljournal.com/tech-and-science/technology/north-korean-spear-phishing-campaign-attacks-usa-firms/article/558921), “Several U.S. businesses have been targeted by a campaign seemingly to originate from North Korea and using the tactic of **spear-phishing**. The cyber-assault is sophisticated, using legitimate documents as the targets.”

The article goes on to say, “The cyber-process is potentially connected to the North Korean Kimusky threat actors and it consists of sending victims trojanized documents via email. Furthermore, _the hackers utilize little-used file formats, which makes them difficult to detect by conventional antivirus products._”

Next we have Nigeria. Probably no surprise being on this list. _This time hackers attacked U.S. government employees. Not the brightest idea._

![Phishing prevention best practices](https://media.mailhop.org/phishprotection/images/2019/10/phishing-prevention-best-practices-2207.jpg) 

According to the[ Ridgewood blog](http://ridgewoodblog.net/government-employees-targeted-by-nigerian-phishing-attacks/), “Ogunremi and other conspirators perpetrated a **computer hacking and theft scheme** targeting United States government agencies’ email systems and Government Services Administration (GSA) vendors. The ring employed **phishing attacks**, which used fraudulent e-mails and websites that mimicked the legitimate e-mails and web pages of U.S. government agencies, such as the U.S. Environmental Protection Agency. _Unwitting employees of those agencies visited the fake web pages and provided their e-mail account usernames and passwords_.”

Continuing, “Ogunremi and his conspirators used these stolen credentials to access the employees’ e-mail accounts in order to place fraudulent orders or office products, typically printer toner cartridges, from vendors who were authorized to do business with U.S. government agencies.”

Finally, we have a new entrant in the international spear phishing cabal, Egypt. This time it wasn’t just a band of **rouge hackers phishing** people for money, but rather the _Egyptian government going after Egyptian journalists and lawyers. If you can’t trust your government…_

According to[ Reclaim the Net](https://reclaimthenet.org/egypt-government-phishing-attacks-journalists-lawyers/), “_It was revealed that 33 Egyptians living all across the world were targeted by the attackers_. Two out of these 33 Egyptians had recently been arrested as a part of the Egyptian government’s efforts to subdue anti-government protests.”

“It was further established that the cyber attackers employed a plethora of applications to lure individuals for obtaining details such as passwords, location data, and more.”

![Prevent spear phishing](https://media.mailhop.org/phishprotection/images/2019/10/prevent-spear-phishing-2397.jpg) 

Do you know what all three of the victims in this story have in common? They could have avoided their problems by deploying low-cost, cloud-based phishing email security with **real-time link click protection**.

If you work for a business. If you work for the government. If you’re a lawyer or a journalist, do yourself a favor. Invest in readily-available and easily-deployable [phishing protection](/) technology to protect yourself from these bad state actors, because they’re not going to stop.

If you’re not sure where to start, [check out our plans](/pricing/). It’s pennies per email a month, sets up in 10 minutes and you can try it free for 30 days. Don’t wait.

## Topics

[ Phishing ](/tags/phishing/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 4m  13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization  Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[  Foundational 4m  All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center  May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[  Foundational 4m  2021 Phishing Trends You Need To Be Wary Of  Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"You’ll Never Guess Who’s Behind the Latest Phishing Attacks","description":"You'll Never Guess Who's Behind the Latest Phishing Attacks: You might think that phishing emails from these \"third world\" countries would be unsophisticated.","url":"https://phishprotection.com/blog/youll-never-guess-whos-behind-the-latest-phishing-attacks/","datePublished":"2019-10-09T09:40:57.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2019-10-09T09:40:57.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/youll-never-guess-whos-behind-the-latest-phishing-attacks/"},"articleSection":"foundational","keywords":"Phishing","wordCount":487,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2019/10/phishing-prevention-best-practices-2207.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"You’ll Never Guess Who’s Behind the Latest Phishing Attacks","item":"https://phishprotection.com/blog/youll-never-guess-whos-behind-the-latest-phishing-attacks/"}]}
```