01 May 20, 17:49
Quote:A highly targeted phishing campaign, with a Microsoft file platform twist, has successfully siphoned the Office 365 credentials of more than 150 executives since mid-2019.
Researchers attribute the campaign’s success to two parts: First, it leverages multiple Microsoft file-sharing services to convince victims to hand over their credentials. That includes Microsoft’s Sway platform used for newsletters and presentations (its use of Sway, in fact, inspired researchers to name the campaign “PerSwaysion”), as well as the SharePoint and OneNote collaboration platforms. Second, the initial phishing emails are sent from legitimate but previously compromised email addresses — which cloak the fact that they’re attacker-controlled.
Multiple threat groups are working together to carry out PerSwaysion, according to researchers.
“PerSwaysion campaign is yet another living example of highly specialized phishing threat actors working together to conduct effective attacks on a large scale,” said Feixiang He, senior threat intelligence analyst at Group-IB in a Thursday analysis.” The campaign phishing kit is primarily developed by a group of Vietnamese-speaking malware developers, while campaign proliferation and hacking activities are operated by other independent groups of scammers.”
The ongoing PerSwaysion campaign has targeted small- and medium-sized financial services companies, law firms and real estate groups across the U.S., Canada, Germany, the U.K. and other countries. Its impact is serious: Access to executives’ Office 365 accounts gives attackers a full range of top-level, sensitive corporate data, as well as the ability to launch subsequent phishing attacks on other high-profile targets.
Read more: https://threatpost.com/microsoft-sway-ab...ck/155366/