In a recent disclosure, the Carlton Club - one of London’s most exclusive membership-only clubs - found themselves a victim of a targeted phishing/whaling campaign, purporting to be a genuine email sent by the club’s fundraising political committee.

Contained within the email was a file called “donations funding”, using a lure which is relevant and interesting to its targets. Interacting with the attached file connects to a Russian command-and-control server.

The Carlton Club is historically known for providing the setting of a Conservative-led coup in the 1920s. The high-profile nature of the members gives credence to the theory that this is a targeted campaign towards those involved in the recent election process.

The attack has all the hallmarks of a ‘whaling’ attack. A whaling attack is a type of spear-phishing attack directed at high-level executives where attackers masquerade as legitimate, known and trusted entities and encourage a victim to share highly sensitive information or to send a wire transfer to a fraudulent account.

In a whaling attack, attackers send an email that looks and seems like a legitimate email from a trusted source, often a contact within the company or with a partner, vendor, or customer account.

A whaling email will contain enough personal details or references gleaned from internet research to convince the recipient that it is legitimate. Whaling attacks may also ask a user to click on a link that leads to a spoofed website that looks identical to a legitimate site, where information can be collected, or malware can be downloaded.

In a whaling attack, victims may be encouraged to share sensitive data like payroll information, tax returns or bank account numbers, or they may be asked to authorise a wire transfer to a bank account that turns out to be fraudulent.

For attackers, the goal of a whaling attack is usually to steal money or data, or to get access to networks that can yield much larger ill-gotten gains.

MPs have recently been targeted in a number of varied attacks, including honeytrap and phishing campaigns, and so targeting a club which is frequented by Conservative party members is not surprising.

A former senior military intelligence officer adds that “this is a concerning development and yet another indication that we are effectively at cyber-war with Russia”.

Across the pond in the US, China are being held responsible for interfering with the Presidential elections via influence operations and misinformation campaigns. Whilst China has repeatedly denied any interference in elections, they have been accused of such behaviour previously in other countries, such as Canada back in 2019 and 2021.

In these instances, China leveraged Canadian officials to help favoured candidates win in the elections.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).