Veriti Research reported a developing cyber threat campaign centred around the declassification and release of the RFK, MLK and JFK files. Learn more about these attacks and how to stay safe online.
Cybersecurity researchers at Veriti have discovered a cyber threat campaign targeting the release of declassified JFK (John F. Kennedy), RFK (Robert F. Kennedy Jr.), and MLK (Martin Luther King Jr.) files. Cybercriminals are, reportedly, exploiting public fascination with these historical documents to conduct various malicious activities, including malware distribution, phishing schemes, and vulnerability exploits. As media attention on the files increased, Veriti Research noted the rapid creation of potentially malicious online infrastructure.
Shortly after the file release announcement, several suspicious domain names were registered, mimicking legitimate sources related to the JFK files. These included variations of “thejfkfiles” and “rfkfiles” with different domain extensions. Here are some of the suspicious domains identified by the Veriti Research team in its report:
- hejfkfilescom – Registered on January 23
- jfk-filescom – Registered on January 23
- rfkfilescom – Registered on January 24
- jfk-filesorg – Registered on January 25
The timing and naming conventions of these domains suggest they could be used for phishing, malware delivery, or social engineering attacks aimed at stealing user credentials. Veriti Research outlined several likely attack vectors based on their findings. These include:
- Embedding malware within files disguised as official JFK document releases, potentially infecting devices with various malicious software.
- Fake websites mimicking official government or media sources are also anticipated, designed to trick users into downloading harmful files or revealing sensitive information.
- Exploiting browser vulnerabilities through malicious websites is another concern, potentially allowing attackers to compromise systems simply by users visiting compromised sites.
- Email phishing campaigns, with emails posing as reputable institutions or individuals offering exclusive access to the files, likely containing malicious attachments or links.
This aligns with Hackread.com’s previous reports highlighting how cybercriminals quickly exploit major public events, such as COVID-19 scams, the Gaza crisis, the California wildfire and more.
Moreover, last year Check Point Research reported that cybercriminals were exploiting Deepfake technology to conduct electoral fraud such as manipulating voters and sabotaging the entire electoral process. The image demonstrates the rapid adaptability of cybercriminals to real-world events.
These incidents highlight the need for cyber resilience against social engineering, as attackers understand that heightened curiosity and urgency can lower people’s guard. Veriti Research stressed the importance of verifying information sources and only accessing the declassified files through official channels like the National Archives.
