Researchers are warning of a coordinated attack targeting the Microsoft Office 365 login credentials of numerous enterprise organizations. The criminals behind the attack are using hundreds of compromised, legitimate email accounts to send users malicious documents designed to harvest their credentials. The researchers at Abnormal Security state, “The widespread use of hundreds of compromised accounts and never-seen-before URLs indicate the campaign is designed to bypass traditional threat intelligence solutions accustomed to permitting known but compromised accounts into the inbox.”

The attack starts with an email that impersonates companies like eFax and directs the recipient to click on an attachment, which redirects to an official-looking page designed to harvest credentials. This technique makes detection difficult because, as soon as one email is caught, the attackers appear to run a script that switches the attack to a new impersonated sender and phishing link so the campaign can continue.
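The following is an added example, not code from Abnormal Security or from this article. It sketches why a sender-reputation check passes a message like the one described, while two content signals (a brand named in the display name or subject that does not match the sender's domain, and a link host never seen before) still flag it. The brand map, seen-host history, trusted-sender list and both messages are constructed assumptions, and the message body stands in for text already extracted from the attachment.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed inputs (constructed for this example, not taken from the campaign).
BRAND_DOMAINS = {"efax": {"efax.com"}}           # brand keyword -> domains it really sends from
SEEN_URL_HOSTS = {"efax.com", "sharepoint.com"}  # link hosts already observed in the org's mail
TRUSTED_SENDERS = {"billing@partner.example"}    # what a reputation-based filter would allow

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def registrable(host):
    # Naive "last two labels"; a real deployment would use the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])

def signals(raw):
    """Return (sender_is_trusted, content_signals) for one raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = registrable(addr.rsplit("@", 1)[-1])
    text = f"{display} {msg.get('Subject', '')}".lower()
    found = []
    # Signal 1: a brand is named, but the mail does not come from that brand.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in text and sender_domain not in domains:
            found.append(f"brand-mismatch:{brand}")
    # Signal 2: the link points at a host with no history in this organization.
    for url in URL_RE.findall(msg.get_payload()):
        host = registrable(urlparse(url).hostname or "")
        if host and host not in SEEN_URL_HOSTS:
            found.append(f"first-seen-url:{host}")
    return addr.lower() in TRUSTED_SENDERS, found

# Constructed messages: both come from the same known (but compromised) account.
PHISH = ('From: "eFax Delivery" <billing@partner.example>\n'
         "Subject: New eFax document received\n\n"
         "View your fax: https://docs-view.example.net/f/123\n")
BENIGN = ('From: "Partner Billing" <billing@partner.example>\n'
          "Subject: March invoice\n\n"
          "Portal: https://partner.sharepoint.com/inv\n")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        trusted, found = signals(raw)
        print(name, "trusted-sender" if trusted else "unknown-sender", found)
```

Because the attackers rotate the impersonated sender and the link, the check keys on the mismatch and on novelty rather than on any fixed sender or URL value.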