Hackread reports that organizations and individuals across Florida have been subjected to various cybersecurity threats exploiting relief efforts in the aftermath of Hurricane Helene and ahead of Hurricane Milton.
While some threat actors established fraudulent disaster relief websites as part of phishing attacks aimed at exfiltrating financial details and Social Security numbers from individuals seeking aid, others impersonated Federal Emergency Management Agency (FEMA) assistance providers to create fake claims that enabled relief fund and personal data theft.
Attackers shared these strategies in BlackBones and other cybercrime forums, according to a Veriti analysis. Threat actors have also distributed malicious payloads through spoofed FEMA documents, including a PDF document referencing the agency's Grants Manager and Grants Portal systems that redirected to a website that facilitates malware compromise.
Despite the absence of any active compromise using the malware-laced FEMA documents, Veriti researchers urged increased vigilance on the threat.