“Dozens” of organizations across the world have been targeted as part of a broad business email compromise (BEC) campaign that used adversary-in-the-middle (AitM) techniques to carry out the attacks.
“Following a successful phishing attempt, the threat actor gained initial access to one of the victim employee’s account and executed an ‘adversary-in-the-middle’ attack to bypass Office365 authentication and gain persistent access to that account,” Sygnia researchers said in a report shared with The Hacker News.
The findings come less than a week after Microsoft detailed a similar combination of AitM phishing and a BEC attack aimed at banking and financial services organizations.
BEC scams typically entail tricking a target over email into sending money or divulging confidential company information. Besides personalizing the emails to the intended victim, the attacker can also impersonate a trusted figure to achieve their goals.
In the attack chain documented by Sygnia, the attacker was observed sending a phishing email containing a link to a purported “shared document” that ultimately redirected the victim to an AitM phishing page designed to harvest the entered credentials and one-time passwords.
The Israeli cybersecurity company further said the phishing emails spread in a “worm-like fashion” from one targeted firm to another and among employees within the same company. The exact scale of the campaign is currently unknown.
The development comes as Bolster disclosed a widespread brand impersonation scam campaign that leverages over 3,000 copycat domains to entice users into providing email, password, and credit card details.
Source: https://thehackernews.com/