Microsoft Outlook users, opening emails with these subject lines and domains can be dangerous – Times of India

A new phishing campaign targeting users of the Microsoft Outlook email service is being used extensively, warn cybersecurity researchers at Zscaler ThreatLabz in a report. According to ThreatLabz, the main target of this campaign is corporate users of Microsoft's email services.
As per the report, the new phishing kit uses an adversary-in-the-middle (AiTM) model, which can help it evade detection by network security and email security. The AiTM model can also allow a phishing attack to bypass multi-factor authentication protection.
These phishing attacks start with emails containing malicious links being sent to targeted individuals. In some cases, business email accounts of executives are first compromised and then used to target multiple individuals.
“Based on our cloud data telemetry, the majority of target organizations were in fintech, lending, finance, insurance, accounting, energy and federal credit union industries. This is not an exhaustive list of target industry sectors. Most of the targeted organizations were located in the United States, United Kingdom, New Zealand and Australia,” the report said.
The report also lists some “interesting domain name patterns” which are as follows:
Legitimate federal credit union domain name: crossvalleyfcu[.]org
Attacker-registered domain name: crossvalleyfcv[.]org
Legitimate federal credit union domain name: triboro-fcu[.]org
Attacker-registered domain name: triboro-fcv[.]org
Legitimate federal credit union domain name: cityfederalcu[.]com
Attacker-registered domain name: cityfederalcv[.]com
Legitimate federal credit union domain name: portconnfcu[.]com
Attacker-registered domain name: portconnfcuu[.]com
Legitimate federal credit union domain name: oufcu[.]com
Attacker-registered domain name: oufcv[.]com
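The pairs above differ by a single substituted or repeated character, which a mail gateway or log review can catch by comparing sender domains against the organization's own names. The following is an added example, not code from the report: the function names and the one-edit threshold are assumptions, and the trusted list uses the three .com names from the list above.

```python
# Added example: flag sender domains that are one edit away from a trusted domain.
# Trusted names are the legitimate .com domains listed above.
TRUSTED = ["cityfederalcu.com", "portconnfcu.com", "oufcu.com"]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def normalize(domain: str) -> str:
    """Undo defanging and case differences; drop a trailing dot."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")

def find_lookalike(domain: str, trusted=TRUSTED, max_distance: int = 1):
    """Return the trusted domain that `domain` imitates, or None.

    An exact match is the trusted domain itself, so it is never flagged.
    """
    d = normalize(domain)
    if d in trusted:
        return None
    for t in trusted:
        if edit_distance(d, t) <= max_distance:
            return t
    return None

def triage(sender_domains):
    """Map each suspicious sender domain to the trusted name it resembles."""
    hits = {}
    for s in sender_domains:
        match = find_lookalike(s)
        if match:
            hits[normalize(s)] = match
    return hits

if __name__ == "__main__":
    # Constructed input: lookalikes from the list above plus two benign senders.
    observed = ["cityfederalcv[.]com", "portconnfcuu[.]com", "OUFCU.com", "example.com"]
    for bad, good in triage(observed).items():
        print(f"{bad} resembles {good}")
```

A threshold of one edit matches every pair in the list; raising it catches more variants at the cost of false positives on short domain names.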
Keywords related to “password reset” and “password expiration”
According to the report, keywords related to “password reset” and “password expiration” reminders were used in some domain names. It is possible that the theme of the related phishing emails is also tied to these keywords.
endrequest-mailaccess[.]com
Expiration Request – Password Reminder[.]com
email access-password information[.]com
Email Access Expiry Notification[.]com
The report emphasizes that there are many other domains involved in this active campaign, and not all of them follow a certain pattern.
