The Guardian’s SecureDrop whistleblower submission site was targeted with a phishing page that attempted to harvest the unique “codenames” of sources who submitted information using the service. In addition, this phishing page promoted an Android app that allowed attackers to perform a variety of malicious activities on a victim’s device.
When a source wishes to submit confidential information to the media outlet’s journalists, they receive a codename that can then be used for further communication. This codename is meant to be private, as anyone who knows it can see the source’s past communications with journalists.
Once the attackers gain access to a source’s codename, they can log in with it on The Guardian’s real SecureDrop site, impersonate the source, and steal information and communications.
Exposure of sensitive information