Cybercriminals behind a successful phishing campaign have exposed more than 1,000 corporate employee credentials on the Internet, according to a warning from security vendor Check Point.
The corporate account credentials were stolen as part of a phishing campaign that kicked off in August 2020, targeting thousands of organizations worldwide.
As part of the campaign, the attackers were able to successfully bypass Microsoft Office 365 Advanced Threat Protection (ATP) filtering, which allowed them to harvest more than a thousand credentials from victims.
According to Check Point, the miscreants behind the campaign made a simple mistake that eventually resulted in the stolen credentials being publicly accessible on the Internet, “across dozens of drop-zone servers used by the attackers.”
Because of that, anyone could have used Google search to find the passwords for the compromised, stolen email addresses.
The attack started with phishing emails masquerading as Xerox notifications, attempting to lure victims into clicking on a malicious HTML attachment, which resulted in the browser displaying a blurred image.
JavaScript code running in the background, however, would perform password checks and send data to drop-zone servers controlled by the attackers, after which it would redirect the victim to a legitimate Office 365 login page.
Check Point also notes that the attackers continuously refined the code throughout the campaign, creating a more realistic experience, in an attempt to avoid any kind of suspicion from the victims and to ensure that their attacks can evade detection by antivirus vendors.
The cybercriminals employed both their own infrastructure to host domains used in the phishing attacks, and dozens of compromised WordPress webs ..
Support the originator by clicking the read the rest link below.
