The setup of Phishing websites before OSCARS 2021

Phishing Scam in Oscars 2021

This article is written by Kaspersky SEA.

On April 25th, the world experienced the long-awaited 93rd Academy Awards, also known as the Oscars 2021. With all the restrictions driven by coronavirus, the organizers were looking to make the virtual ceremony as thrilling as possible. And while the ceremony travels around the globe, in the online world, fraudsters are set to take full advantage of the interest by spreading malicious files disguised as the best picture nominees.

Phishing Websites behind The OSCARS

In the hope of watching an Oscar-nominated movie, users visited a site where they were shown the first few minutes of the film before being asked to register to continue watching. During the registration, to confirm their region of residence, the victim was asked to enter their bank card details. After some time, money was debited from the card, and as expected, the film did not continue to play. This type of phishing is widespread and considered to be one of the most popular among scammers.

Phishing is Scam

Kaspersky experts have found various phishing websites offering to stream Oscar-nominated movies for free before the presentation of the awards, but these end up stealing users’ credentials. We have also analyzed malicious files behind 2021’s Oscar nominees. As a result, the company’s researchers have found around 80 files mimicking the movies up for Best Picture.

Analyzing the malware detected during the past year, Kaspersky experts found that almost 70% of malicious files are disguised as just three movies: Promising Young Woman, Judas and the Black Messiah, and The Trial of the Chicago 7. Biographical drama Judas and the Black Messiah was the most used source to spread malicious files; malware related to this film accounts for 26% of the total infected files.

“Cybercriminals have always tried to monetize users’ interest in various sources of entertainment, including movies. We see that big events in the film industry can boost some interest from the cybercriminal community, but today this type of malicious activity is not as popular as it used to be. Nowadays, more and more people are switching to streaming services, which are more secure because they do not require downloading files. Still, films serve as a popular lure to spread phishing pages and spam emails. These attacks are preventable, and users should be alert to the sites they visit,” comments Anton V. Ivanov, who is a security expert at Kaspersky.

To avoid falling victim to malicious programs and scams, Kaspersky advises users to:

      1. Check the authenticity of websites before entering personal data and only use official webpages to watch or download movies. Double-check URL formats and company name spellings.
      2. Pay attention to the extensions of the files that you are downloading. A video file will never have an .exe or .msi extension.
      3. Use a reliable security solution, such as Kaspersky Total Security, that identifies malicious attachments and blocks phishing sites.
      4. Avoid links promising early viewings of content, and if you have any doubts about the authenticity of content, check it with your entertainment provider.
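
The extension advice in item 2 can be automated. The following is an added example, not code from Kaspersky or from the original article: it flags a supposed movie download whose name or leading bytes show it is really a program. It goes beyond the two extensions named above; the extra extensions, the bidi-character check, the function name and the sample file names are assumptions made for illustration.

```python
import os

# .exe and .msi come from the advice above; the other executable types and
# the video list are assumptions added for this example.
EXECUTABLE_EXTS = {".exe", ".msi", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
VIDEO_EXTS = {".mp4", ".mkv", ".avi", ".mov", ".wmv"}
# Leading bytes that identify program content whatever the file is called.
MAGIC = {
    b"MZ": "Windows PE executable",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE compound file (container used by .msi)",
}
# Unicode bidi controls can make "...4pm.exe" render as "...exe.mp4".
BIDI_CONTROLS = set("\u202a\u202b\u202d\u202e\u2066\u2067\u2068")


def inspect_download(filename, header=b""):
    """Return the reasons a supposed movie file looks like a program."""
    findings = []
    if BIDI_CONTROLS & set(filename):
        findings.append("bidi control character in name")
    # Windows drops trailing dots and spaces, so "movie.exe. " runs as .exe.
    name = filename.rstrip(". ").lower()
    stem, ext = os.path.splitext(name)
    if ext in EXECUTABLE_EXTS:
        findings.append(f"executable extension {ext}")
        if os.path.splitext(stem)[1] in VIDEO_EXTS:
            findings.append("video extension used as decoy")
    for magic, label in MAGIC.items():
        if header.startswith(magic):
            findings.append(f"content is {label}")
    return findings


if __name__ == "__main__":
    # Constructed samples: (file name, first bytes of the file).
    samples = [
        ("Judas.and.the.Black.Messiah.2021.mp4.exe", b"MZ\x90\x00"),
        ("Promising.Young.Woman\u202e4pm.exe", b"MZ\x90\x00"),
        ("The.Trial.of.the.Chicago.7.mp4", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),
        ("The.Trial.of.the.Chicago.7.mkv", b"\x1a\x45\xdf\xa3"),
    ]
    for name, header in samples:
        print(repr(name), "->", inspect_download(name, header) or "no findings")
```

An empty result only means none of these specific signs were found; it does not show that a file is safe.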

Microsoft was also breached in recent SolarWinds (software company) hack

This is a news summary of “Microsoft confirms it was also breached in recent SolarWinds supply chain hack” from ZDNet.com, published on 17 December 2020.

This is related to a previous news item, U.S. Government Hacked!

Cyber Attack

The state-sponsored attack on SolarWinds also broke into Microsoft’s internal network and, even more stunning, Microsoft’s own products were used to further attacks against other companies as well, Reuters reported.

This news came after the US Cybersecurity and Infrastructure Agency (CISA) had published an alert on the SolarWinds supply chain attack and its impact on government agencies, critical infrastructure entities, and private sector organizations.

You can read about the alert here: CISA Alert.

CISA mentioned “evidence of additional initial access vectors, other than the SolarWinds Orion platform.”

Two reports from Reuters about the Microsoft hack did not say which Microsoft products were affected by the attack.

Microsoft’s unedited statement is:

“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.”

At the time this news was published, most of these victims were US government agencies, and the only private company was cybersecurity firm FireEye.

According to the article, both FireEye and Microsoft provided extensive reports on how the breach happened and were involved in an operation to sinkhole the domain avsvmcloud[.]com used in the SolarWinds hack.

U.S. government hacked!

This is a summary of the news article “Explainer-U.S. government hack: espionage or act of war?” from Reuters.com, published on December 19, 2020.

Here we go.

The suspected Russian cyber intrusion into US government agencies has prompted statements from lawmakers, with U.S. Senator Dick Durbin calling it “virtually a declaration of war” and U.S. Senator Marco Rubio saying that “America must retaliate, and not just with sanctions.”

However, according to cybersecurity and legal experts, under international law it would not be considered an act of war but rather an act of espionage.

What do we know about the hack?


Malicious code was inserted into updates that are provided for SolarWinds customers. As reported by Reuters, the hackers were able to explore the computer networks of private companies, think tanks, and government agencies.

It seemed that the hack was carried out by Russia’s foreign intelligence service, though Moscow has denied any possible involvement.

The hackers are known to have gained access to email or other data within several U.S. government agencies, including the Commerce Department, Treasury Department, and Department of Energy.

A spokeswoman for the Energy Department said the malware had been “isolated to business networks only” and had not impacted U.S. national security.

Was the hack an ‘act of war’?


United Nations resolutions and other sources of international law require a certain level of force or destruction for an act to count as war.

According to Duncan Hollis, a professor of law at Temple University, “Warfare implies violence, death and destruction.”

Hollis and other experts said the attack’s modus operandi was to steal sensitive U.S. information and that it should be viewed as espionage.

If a cyber-attack has the nature of a cyber-kinetic attack, then it qualifies as an act of war. A cyber-kinetic attack can damage physical assets and endanger human lives.

According to the news article, a kinetic attack is one that could “trigger a nuclear plant meltdown; open a dam above a populated area, causing destruction; or disable air traffic control services, resulting in airplane crashes.”

Is there any precedent for the hack?


2014 – A hack that targeted the U.S. government’s personnel agency, the Office of Personnel Management, exposed sensitive personal information of millions of current and former federal employees and contractors. 

2017 – A hack known as “NotPetya” crippled ports by paralyzing the shipping giant A.P. Moller-Maersk and other global corporations.

How might the United States respond?


A manual from the Defense Department says that if a cyber operation is not an act of force, then the United States cannot use force to respond to it.

The same manual also mentions that the United States could use “a diplomatic protest, an economic embargo, or other acts of retorsion.”

Reporting by Jan Wolfe, Brendan Pierson, Raphael Satter and Michelle Nichols; Editing by Noeleen Walder and Daniel Wallis.