Friday 1 May 2020


According to a Group-IB report, cybercriminals have breached the email accounts of more than 150 executives at different companies during the last few months.
The group, codenamed PerSwaysion, mostly targeted the financial sector. They sent booby-trapped emails to executives at targeted companies in the hope of tricking them into entering Office 365 credentials on fake login pages.
Group-IB describes the scheme used:
1. Victims receive an email with an empty PDF attached.
2. If they open the PDF, they are asked to click a link to see the content.
3. The link redirects users to a Microsoft Sway page with another link.
4. The last link redirects victims to a page 'similar' to the Microsoft Outlook login page, where the attackers collect their credentials.
5. Once the credentials are stolen, the attackers download the victim's email data using IMAP APIs and target all of the victim's contacts with a phishing PDF file containing the victim's credentials.
Group-IB has set up a webpage where anyone can check whether their email was compromised.
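
Step 5 of the scheme leaves traces a defender can correlate: a first-ever IMAP sign-in from an unfamiliar address, followed by PDF-attached mail sent to many recipients. The Python below is an added example, not taken from Group-IB's report or this post; the event schema, thresholds and sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized schema (not a real product's log format).
EVENTS = [
    {"ts": "2020-04-20T08:01:00", "user": "cfo@example.com", "type": "login", "protocol": "WEB", "ip": "198.51.100.10"},
    {"ts": "2020-04-21T08:03:00", "user": "cfo@example.com", "type": "login", "protocol": "WEB", "ip": "198.51.100.10"},
    {"ts": "2020-04-22T02:14:00", "user": "cfo@example.com", "type": "login", "protocol": "IMAP", "ip": "203.0.113.77"},
    {"ts": "2020-04-22T09:30:00", "user": "cfo@example.com", "type": "send", "recipients": 45, "attachment": "report.pdf"},
    {"ts": "2020-04-22T10:00:00", "user": "it@example.com", "type": "login", "protocol": "IMAP", "ip": "198.51.100.20"},
    {"ts": "2020-04-23T10:00:00", "user": "it@example.com", "type": "login", "protocol": "IMAP", "ip": "198.51.100.20"},
]

def detect_takeover(events, window=timedelta(hours=24), min_recipients=20):
    """Flag accounts whose first IMAP sign-in comes from an unseen IP (medium),
    escalating to high if a PDF mail burst follows within `window`."""
    seen_ips = defaultdict(set)        # user -> source IPs seen so far
    seen_protocols = defaultdict(set)  # user -> sign-in protocols seen so far
    alerts = {}                        # user -> alert record
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, ts = ev["user"], datetime.fromisoformat(ev["ts"])
        if ev["type"] == "login":
            # The first event for a user only seeds the baseline and is never flagged.
            has_history = bool(seen_ips[user])
            if (has_history and ev["protocol"] == "IMAP"
                    and ev["ip"] not in seen_ips[user]
                    and "IMAP" not in seen_protocols[user]):
                alerts[user] = {"user": user, "ip": ev["ip"], "at": ts, "severity": "medium"}
            seen_ips[user].add(ev["ip"])
            seen_protocols[user].add(ev["protocol"])
        elif ev["type"] == "send" and user in alerts:
            is_pdf = (ev.get("attachment") or "").lower().endswith(".pdf")
            in_window = ts - alerts[user]["at"] <= window
            if is_pdf and in_window and ev["recipients"] >= min_recipients:
                alerts[user]["severity"] = "high"
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_takeover(EVENTS):
        print(alert["severity"], alert["user"], alert["ip"], alert["at"].isoformat())
```
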
