
Massive Phishing Campaign Targets Microsoft
Hackers Hijack Executives’ Email Accounts
A newly launched, large-scale phishing campaign is targeting credentials for Microsoft email services. According to Zscaler analysts, the rise in sophisticated phishing attempts focused on Microsoft services began in early June this year.
According to the latest updates, the campaign's goal is to breach corporate accounts. This would allow the threat actors to conduct business email compromise (BEC) attacks, in which they divert payments to bank accounts under their control using forged documents.
The campaign relies on a custom proxy-based phishing kit. Because the kit sits between the victim and the real login page and relays the login exchange, it can capture the credentials and the authenticated session even when multi-factor authentication is enabled; once MFA has been circumvented in this way, the account is fully under the attackers' control.
Financial Institutions Targeted
So far, the campaign has hit several financial organizations, including lenders, insurers, fintechs, and Federal Credit Unions in the United States, United Kingdom, New Zealand, and Australia. Many of the domains registered for the campaign are only weeks old, and several of the URLs appear to be typo-squatted versions of legitimate US Federal Credit Union domains.
Several of the phishing emails originated from the accounts of executives at these organizations, which means the attackers had already compromised some executives' mailboxes and were sending the lures from them, impersonating those executives.
The redirections were routed through legitimate web resources such as Snapchat, DoubleClick, and Google Ads, which lets the phishing links evade email and web security tools. Glitch and CodeSandbox were also used heavily in this campaign, most likely to create new redirection routes.
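The two indicators named above, newly registered domains and typo-squatted credit-union names, are cheap to check automatically. The following is an added example, not code from the article or from Zscaler, of a lookalike-domain triage check of the kind a mail-gateway rule or SOC script would run over links extracted from inbound mail. All protected domains, candidate URLs and registration dates are constructed placeholders on the reserved .example TLD; the homoglyph table, thresholds and the two-label registrable-domain rule are assumptions for the example.

```javascript
// Added example (not from the article or from Zscaler): lookalike-domain triage
// for links found in inbound mail. Domains, URLs and registration dates below are
// constructed placeholders; PROTECTED_DOMAINS stands in for the real credit unions.
const PROTECTED_DOMAINS = ['acme-fcu.example', 'northfcu.example'];

// Constructed WHOIS-style creation dates; in practice these come from RDAP/WHOIS.
const DOMAIN_CREATED = {
  'acrne-fcu.example': '2022-06-24',
  'n0rthfcu.example': '2022-06-20',
  'northfcu-secure.example': '2021-01-15',
};

const NEW_DOMAIN_DAYS = 30;   // anything younger than this deserves a second look
const MAX_EDIT_DISTANCE = 2;  // on the normalised second-level label

// Character substitutions commonly seen in typosquats, folded before comparing
// (assumed table; extend with the confusables relevant to your brands).
const HOMOGLYPHS = [[/0/g, 'o'], [/1/g, 'l'], [/rn/g, 'm'], [/vv/g, 'w']];
const normalize = (s) =>
  HOMOGLYPHS.reduce((acc, [re, rep]) => acc.replace(re, rep), s.toLowerCase());

// Registrable domain = last two labels. Assumption: no multi-part public
// suffixes (.co.uk etc.); a real deployment would consult the Public Suffix List.
function registrable(hostname) {
  return hostname.toLowerCase().split('.').slice(-2).join('.');
}
const sld = (domain) => domain.split('.')[0];

// Levenshtein edit distance, single-row dynamic programming.
function levenshtein(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1,
                        diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = tmp;
    }
  }
  return row[b.length];
}

const daysSince = (isoDate, now) => Math.floor((now - new Date(isoDate)) / 86400000);

// Returns { hostname, registrable, verdict, reasons } with verdict one of
// 'legitimate' (exact protected domain), 'suspicious' or 'unknown'.
function assessUrl(url, now = new Date()) {
  const hostname = new URL(url).hostname;
  const reg = registrable(hostname);
  if (PROTECTED_DOMAINS.includes(reg)) {
    return { hostname, registrable: reg, verdict: 'legitimate', reasons: [] };
  }
  const reasons = [];
  const candidate = normalize(sld(reg));
  for (const legit of PROTECTED_DOMAINS) {
    const brand = normalize(sld(legit));
    const dist = levenshtein(candidate, brand);
    if (dist <= MAX_EDIT_DISTANCE) {
      reasons.push(`second-level label is ${dist} edit(s) from ${legit}`);
    } else if (normalize(hostname).includes(brand)) {
      reasons.push(`hostname embeds the brand from ${legit}`);
    }
  }
  if (DOMAIN_CREATED[reg]) {
    const age = daysSince(DOMAIN_CREATED[reg], now);
    if (age < NEW_DOMAIN_DAYS) reasons.push(`domain registered ${age} days ago`);
  }
  return { hostname, registrable: reg,
           verdict: reasons.length ? 'suspicious' : 'unknown', reasons };
}

// Constructed links of the kind extracted from a phishing lure.
const SAMPLE_LINKS = [
  'https://login.acme-fcu.example/owa',
  'https://acrne-fcu.example/Signin',      // rn -> m, 8 days old
  'https://n0rthfcu.example/owa/',         // 0 -> o, 12 days old
  'https://northfcu-secure.example/login', // brand embedded in a longer label
  'https://mail.example/',
];
const SAMPLE_NOW = new Date('2022-07-02T00:00:00Z'); // constructed "today"
for (const link of SAMPLE_LINKS) console.log(assessUrl(link, SAMPLE_NOW));
```

The edit-distance threshold is tuned for brand labels of eight or more characters; for short brands it will over-flag and should be lowered or replaced by an exact match on the normalised label.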
Victims Prime Targets
Using code editing and hosting services, the attackers created new pages on sites intended for legitimate use, pasted in redirect code pointing at the latest phishing site's URL, and then mass-mailed the link to the hosted redirect code to their victims.
As soon as the victim lands on the phishing page, JavaScript fingerprints the browser to determine whether it is running on a virtual machine or on a normal device. Visitors that look like sandboxes are turned away, so the phishing content is served to real targets rather than to security tools and researchers.
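The article does not say which signals the kit's fingerprinting script reads, so the following is an added example, not the kit's code and not from Zscaler, of how such VM-versus-real-device gating is typically built from standard browser APIs, and of why it matters for anyone running a detonation sandbox: a sandbox that reports a software renderer, two cores, a 1024x768 screen and a UTC timezone is trivially separable from an employee's laptop. The signal list, point values and the three fingerprints are assumptions constructed for the example; `collectFingerprint` gathers the same fields in a browser and returns `null` elsewhere.

```javascript
// Added example (not from the article, Zscaler, or the phishing kit): scoring
// browser fingerprint fields to separate virtual machines and sandboxes from
// ordinary devices. Signal list, weights and sample fingerprints are assumptions.

// Renderer strings typical of software rendering or hypervisor GPUs.
const VM_RENDERER = /SwiftShader|llvmpipe|VMware|VirtualBox|Parallels|Mesa OffScreen|Microsoft Basic Render Driver/i;

// Browser-side collection of the fields scored below; null outside a browser
// (e.g. under Node, where `document` does not exist).
function collectFingerprint() {
  if (typeof navigator === 'undefined' || typeof document === 'undefined') return null;
  let webglRenderer = '';
  try {
    const gl = document.createElement('canvas').getContext('webgl');
    const ext = gl && gl.getExtension('WEBGL_debug_renderer_info');
    if (gl && ext) webglRenderer = gl.getParameter(ext.UNMASKED_RENDERER_WEBGL);
  } catch (e) { /* WebGL unavailable; leave renderer empty */ }
  return {
    webglRenderer,
    hardwareConcurrency: navigator.hardwareConcurrency || 0,
    deviceMemory: navigator.deviceMemory || 0,
    screenWidth: screen.width,
    screenHeight: screen.height,
    webdriver: navigator.webdriver === true,
    pluginCount: navigator.plugins ? navigator.plugins.length : 0,
    languages: navigator.languages || [],
    timezone: Intl.DateTimeFormat().resolvedOptions().timeZone || '',
  };
}

// Returns { score, looksLikeVm, reasons }. Weights are assumptions: automation
// flags and virtual GPUs are strong on their own, the rest only add up.
function classify(fp) {
  const reasons = [];
  let score = 0;
  const add = (pts, why) => { score += pts; reasons.push(why); };
  if (fp.webdriver) add(3, 'navigator.webdriver set (automation framework)');
  if (VM_RENDERER.test(fp.webglRenderer)) add(3, `software/virtual GPU: ${fp.webglRenderer}`);
  else if (!fp.webglRenderer) add(1, 'no WebGL renderer exposed');
  if (fp.hardwareConcurrency > 0 && fp.hardwareConcurrency <= 2) add(1, `${fp.hardwareConcurrency} CPU cores`);
  if (fp.deviceMemory > 0 && fp.deviceMemory <= 2) add(1, `${fp.deviceMemory} GiB RAM`);
  if (fp.screenWidth * fp.screenHeight <= 1024 * 768) add(1, `small screen ${fp.screenWidth}x${fp.screenHeight}`);
  if (fp.pluginCount === 0) add(1, 'no browser plugins');
  if (!fp.languages || fp.languages.length === 0) add(1, 'no languages configured');
  if (fp.timezone === 'UTC' || fp.timezone === 'Etc/UTC') add(1, 'UTC timezone');
  return { score, looksLikeVm: score >= 3, reasons };
}

// Constructed fingerprint of a default analysis VM with a headless-style browser.
const SANDBOX_FP = {
  webglRenderer: 'Google SwiftShader', hardwareConcurrency: 2, deviceMemory: 2,
  screenWidth: 1024, screenHeight: 768, webdriver: false, pluginCount: 0,
  languages: [], timezone: 'UTC',
};

// Constructed fingerprint of an ordinary corporate laptop.
const LAPTOP_FP = {
  webglRenderer: 'ANGLE (Intel, Intel(R) Iris(R) Xe Graphics Direct3D11 vs_5_0 ps_5_0, D3D11)',
  hardwareConcurrency: 8, deviceMemory: 8, screenWidth: 1920, screenHeight: 1080,
  webdriver: false, pluginCount: 5, languages: ['en-US', 'en'], timezone: 'America/New_York',
};

// The same sandbox after hardening: realistic renderer string, 4 vCPUs, 8 GiB,
// a common resolution, a locale and a non-UTC timezone.
const HARDENED_SANDBOX_FP = {
  ...SANDBOX_FP,
  webglRenderer: 'ANGLE (NVIDIA, NVIDIA GeForce GTX 1650 Direct3D11 vs_5_0 ps_5_0, D3D11)',
  hardwareConcurrency: 4, deviceMemory: 8, screenWidth: 1920, screenHeight: 1080,
  pluginCount: 5, languages: ['en-GB', 'en'], timezone: 'Europe/London',
};

for (const [name, fp] of Object.entries({ SANDBOX_FP, LAPTOP_FP, HARDENED_SANDBOX_FP })) {
  console.log(name, classify(fp));
}
```

Run the script in a browser console to see what your own machine reports, or point `classify` at the fingerprint your sandbox produces; every reason it lists is a setting the sandbox operator should change before the next detonation.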