AitM phishing and BEC attacks target financial institutions

June 19, 2023

Researchers discovered a new multi-stage AitM phishing and BEC campaign targeting financial firms and banking institutions. According to reports, the attack began with a compromised trusted vendor and then moved into a series of Adversary-in-the-Middle attacks.

The campaign operators also exploited the trusted relationships between vendors, suppliers, and other affiliated organisations to carry out financial fraud.


The culprit of this recent AitM phishing and BEC attack uses a customised phishing tool.


According to investigations, the threat group tracked as Storm-1167 ran the phishing campaign behind this AitM phishing and BEC attack.

The attack begins with a phishing email from a trusted vendor whose subject line is a unique seven-digit code. The email contains a link to view or download a fax archive; however, the link points to a malicious URL hosted on Canva.

Clicking the link redirects the target to a phishing page hosted on Tencent cloud infrastructure that impersonates the Microsoft sign-in page. Once the target enters a password on this landing page, the attackers use the submitted credentials to initiate an authentication session of their own.

In the second phase of the campaign, the phishing tool allowed the operators to send over 16,000 emails to the victim's contacts. The threat actors also added a new SMS-based two-factor authentication method to the compromised account so that they could sign in with the stolen credentials without attracting attention.
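The two post-compromise steps described above (a new MFA method registered right after a sign-in from an unfamiliar address, followed by a mass mailing from the account) are the kind of follow-on activity a defender can hunt for in identity and mail audit logs. The following detection logic is an added example written for this article, not code from the original report or from Microsoft; the event field names and the sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (assumed field names; not from the article).
# alice: unfamiliar sign-in, SMS MFA added 4 minutes later, then a 16,000-mail burst.
# bob:   sign-in from a known IP, MFA method added hours later (benign).
SAMPLE_EVENTS = [
    {"ts": "2023-06-01T09:00:00", "user": "alice@bank.example", "type": "signin", "ip": "198.51.100.7"},
    {"ts": "2023-06-01T09:04:00", "user": "alice@bank.example", "type": "mfa_method_added", "method": "sms"},
    {"ts": "2023-06-01T09:30:00", "user": "alice@bank.example", "type": "mail_sent", "count": 16000},
    {"ts": "2023-06-01T10:00:00", "user": "bob@bank.example", "type": "signin", "ip": "203.0.113.5"},
    {"ts": "2023-06-01T15:00:00", "user": "bob@bank.example", "type": "mfa_method_added", "method": "authenticator"},
]

# IPs each user has previously signed in from (constructed baseline).
KNOWN_IPS = {
    "alice@bank.example": {"203.0.113.5"},
    "bob@bank.example": {"203.0.113.5"},
}


def flag_aitm_followups(events, known_ips, window=timedelta(minutes=30), mail_burst=1000):
    """Return (user, reason, detail) alerts for two AitM follow-on patterns:
    an MFA method registered within `window` of a sign-in from an IP the user
    has never used, and an outbound mail volume of at least `mail_burst`."""
    alerts = []
    last_unfamiliar_signin = {}  # user -> timestamp of most recent unfamiliar sign-in
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort lexically
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]
        if ev["type"] == "signin":
            if ev["ip"] not in known_ips.get(user, set()):
                last_unfamiliar_signin[user] = ts
        elif ev["type"] == "mfa_method_added":
            seen = last_unfamiliar_signin.get(user)
            if seen is not None and ts - seen <= window:
                alerts.append((user, "mfa_added_after_unfamiliar_signin", ev["method"]))
        elif ev["type"] == "mail_sent" and ev["count"] >= mail_burst:
            alerts.append((user, "outbound_mail_burst", ev["count"]))
    return alerts


if __name__ == "__main__":
    for alert in flag_aitm_followups(SAMPLE_EVENTS, KNOWN_IPS):
        print(alert)
```

Only alice's events produce alerts: bob's MFA change follows a sign-in from a known IP and so is not flagged.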

This incident occurred less than a month after Microsoft warned of an increase in BEC attacks and evolving cybercriminal tactics. In one campaign, scammers purchased IP addresses from residential IP services, which allowed them to access victims' accounts and harvest further credentials.

In another instance, a scammer launched a phishing-as-a-service platform hosting phishing and BEC websites.

Cybersecurity experts recommend that compromised users reset their passwords to remediate the issue. Furthermore, enterprises should adopt robust authentication measures and properly configure their mail systems to flag messages from suspicious sources.

Organisations should train employees to spot malicious emails to avoid phishing attacks and prevent BEC campaigns.
