In early 2025, Japan experienced a significant increase in phishing attacks, primarily attributed to the CoGUI phishing kit. This sophisticated toolkit, associated with Chinese-speaking threat actors, has been employed to send over 580 million phishing emails between January and April 2025.

How CoGUI Operates

CoGUI is a highly evasive phishing framework that uses advanced techniques such as geofencing, header fencing, and browser fingerprinting to avoid detection. It selectively targets specific geographic regions, making it a significant threat to potential victims in the targeted countries.

The phishing emails often impersonate well-known companies like Amazon, Rakuten, PayPay, and Japan’s national tax agency. They typically contain urgent subject lines prompting recipients to take immediate action, such as updating account information or verifying identity. Upon clicking the links, victims are redirected to fake login pages designed to steal usernames, passwords, and payment information.

Impact on Japan

Japan has become one of the most targeted countries in Proofpoint’s data based on campaign volume. In January alone, Proofpoint tracked 172 million phishing messages launched through CoGUI. The Financial Services Agency of Japan has reported that several securities firms have been affected, with fraudulent transactions totaling hundreds of millions of dollars.

Recommendations for Protection

To safeguard against CoGUI phishing attacks, individuals and organizations should:

  • Educate Employees: Conduct regular training sessions to recognize phishing attempts and understand the risks associated with them.
  • Implement Multi-Factor Authentication (MFA): MFA adds an extra layer of security, making it more difficult for attackers to gain unauthorized access.
  • Use Advanced Email Filtering: Employ email security solutions that can detect and block phishing emails before they reach the inbox.
  • Verify Suspicious Communications: Always verify the authenticity of unexpected emails or messages by contacting the organization directly through official channels.
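As an illustration of the email filtering recommendation, the following added example (not code from AUMINT.io or Proofpoint) flags messages that present themselves as one of the impersonated brands named above but come from, or link to, a domain that brand does not own. The domain allowlist, the urgency keywords and both sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative, non-exhaustive allowlist of each brand's own domains.
BRAND_DOMAINS = {"amazon": {"amazon.co.jp", "amazon.com"},
                 "rakuten": {"rakuten.co.jp"}, "paypay": {"paypay.ne.jp"}}
URGENCY = re.compile(r"urgent|immediately|verify|suspended", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+")

def _under(host, domains):
    # True when host equals, or is a subdomain of, an allowlisted domain.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def score_message(raw):
    """Return a list of findings for one RFC 5322 message passed as a string."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"] or ""))
    sender_host = addr.rpartition("@")[2]
    subject = str(msg["Subject"] or "")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    link_hosts = {urlparse(u).hostname for u in URL.findall(text)}
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in f"{display} {subject}".lower():
            continue  # the message does not present itself as this brand
        if not _under(sender_host, domains):
            findings.append(f"{brand}: sender domain {sender_host} not on allowlist")
        for host in sorted(h for h in link_hosts if h and not _under(h, domains)):
            findings.append(f"{brand}: link to off-brand host {host}")
    if findings and URGENCY.search(subject):
        findings.append("urgent subject line")
    return findings

# Constructed sample messages (.example is a reserved TLD).
PHISH = """\
From: Amazon <account-update@amazon-secure.example>
Subject: Urgent: verify your account information

Your account is on hold. Update it at https://login.amazon-secure.example/signin
"""
LEGIT = """\
From: Amazon <order-update@amazon.co.jp>
Subject: Your order has shipped

Track it at https://www.amazon.co.jp/orders
"""
```

Calling `score_message(PHISH)` returns three findings and `score_message(LEGIT)` returns none. The check reads only the message itself and never fetches the landing page, so geofencing and browser fingerprinting on the phishing site do not affect it.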

At AUMINT.io, we specialize in providing comprehensive cybersecurity solutions to protect organizations from evolving threats like CoGUI. Our services include phishing simulations, employee training, and advanced threat detection systems.
