In the campaign named “Compact”, the cyber actors behind these phishing attacks have been operating since the beginning of 2020, and it is estimated that the campaign has successfully collected over 400,000 sensitive credentials from multiple companies.
The phishing campaign operators used Zoom invites as a lure, together with an extensive list of email addresses, and sent the messages from hacked accounts on the SendGrid cloud-based email delivery platform. Because SendGrid is a trusted Simple Mail Transfer Protocol (SMTP) provider, the messages had a low chance of being blocked by email protection technology before reaching their destination.
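The lure-plus-trusted-relay pattern described above leaves a recognisable trace in the transport headers: the message body claims to be a Zoom invite, but the Received, Return-Path and DKIM-Signature headers name a bulk email delivery platform and the From address belongs to neither Zoom nor that platform. The following header-triage script is an added example written for this summary, not code from WMC Global or PhishFeed; the three messages, the hostnames, the `hacked-tenant.example` sender and the assumption that genuine invites come from `zoom.us` are all constructed for illustration.

```python
"""Triage inbound mail for a meeting-invite lure relayed through a cloud
email delivery platform. Added example with constructed sample messages."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Delivery platforms the report says the campaign sent through.
ESP_DOMAINS = ("sendgrid.net", "mailgun.org")
# Domain a genuine Zoom invite is assumed to come from (assumption, not from the report).
ZOOM_DOMAINS = ("zoom.us",)
# Subject fragments typical of a meeting-invite lure.
LURE_WORDS = ("zoom", "meeting invitation", "meeting invite")


def _domain(addr):
    """Lower-cased domain part of a mailbox address, or '' if there is none."""
    _, address = parseaddr(str(addr or ""))
    return address.rpartition("@")[2].lower()


def _matches(domain, suffixes):
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def _infrastructure_domains(msg):
    """Domains named in the transport path: Received hostnames, Return-Path
    and the d= tag of every DKIM-Signature. These show which relay really
    handled the message, whatever the From header claims."""
    found = set()
    for hdr in msg.get_all("Received", []):
        found.update(m.lower() for m in re.findall(r"[\w.-]+\.[a-z]{2,}", str(hdr), re.I))
    found.add(_domain(msg.get("Return-Path", "")))
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"\bd=([^;\s]+)", str(sig))
        if m:
            found.add(m.group(1).lower())
    found.discard("")
    return found


def triage(raw_message):
    """Classify one raw RFC 5322 message.
    Returns {'verdict': 'suspect' | 'ok', 'reasons': [...]}"""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = str(msg.get("Subject") or "").lower()
    from_domain = _domain(msg.get("From"))
    infra = _infrastructure_domains(msg)

    lure = any(w in subject for w in LURE_WORDS)
    via_esp = any(_matches(d, ESP_DOMAINS) for d in infra)
    from_zoom = _matches(from_domain, ZOOM_DOMAINS)
    infra_zoom = any(_matches(d, ZOOM_DOMAINS) for d in infra)

    reasons = []
    if lure and via_esp and not from_zoom:
        reasons.append("meeting-invite lure relayed through a bulk ESP from a non-Zoom sender")
    if from_zoom and not infra_zoom:
        reasons.append("From claims Zoom but no Zoom domain appears in transport or DKIM headers")
    return {"verdict": "suspect" if reasons else "ok", "reasons": reasons}


# Constructed samples: a lure sent from a compromised tenant through SendGrid,
# a spoofed Zoom sender relayed through Mailgun, and a genuine-looking invite.
PHISH_SAMPLE = """\
Received: from o12.ptr.sendgrid.net (o12.ptr.sendgrid.net [198.51.100.10]) by mx.victim.example with ESMTPS
Return-Path: <bounces+123@em.sendgrid.net>
DKIM-Signature: v=1; a=rsa-sha256; d=sendgrid.net; s=smtpapi; h=from:subject;
From: "Zoom Video Communications" <it-desk@hacked-tenant.example>
To: employee@victim.example
Subject: Zoom meeting invitation - quarterly review

Your invitation is attached.
"""

SPOOF_SAMPLE = """\
Received: from m1.mailgun.org (m1.mailgun.org [198.51.100.20]) by mx.victim.example with ESMTPS
Return-Path: <bounce@mg.hacked-tenant.example>
DKIM-Signature: v=1; a=rsa-sha256; d=mailgun.org; s=mg; h=from:subject;
From: "Zoom" <no-reply@zoom.us>
To: employee@victim.example
Subject: Meeting invite

Please review the invite.
"""

LEGIT_SAMPLE = """\
Received: from mx.zoom.us (mx.zoom.us [203.0.113.5]) by mx.victim.example with ESMTPS
Return-Path: <no-reply@zoom.us>
DKIM-Signature: v=1; a=rsa-sha256; d=zoom.us; s=zm; h=from:subject;
From: "Zoom" <no-reply@zoom.us>
To: employee@victim.example
Subject: Zoom meeting invitation - team sync

See you there.
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH_SAMPLE), ("spoof", SPOOF_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, triage(raw))
```

The two rules are deliberately narrow: a bulk-ESP relay on its own is normal (newsletters and transactional mail use the same platforms), so the first rule fires only when the lure wording, the relay and a sender domain that matches neither Zoom nor the relay all coincide, and the second catches the simpler case of a From header claiming Zoom with no Zoom domain anywhere in the transport path. DKIM alignment checks in a real gateway replace the regex over Received headers used here.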
Researchers at WMC Global, makers of the PhishFeed real-time phishing intelligence service, highlighted some mistakes by the campaign operators. Those mistakes allowed them to analyze how the data was moved from the phishing site into the hands of the operator.
The researchers' analysis found that each phishing campaign successfully collected about 3,700 credentials, which would put the total from the various Compact campaigns at around 400,000 unique credentials.
WMC Global stated: “Earlier operations used compromised SendGrid accounts to deliver the phishing emails and then moved to MailGun, a developer-centric email service with APIs that allow sending, receiving, and tracking messages.”
WMC believes “that the switch to a different service was determined by their collaboration with SendGrid to restore compromised accounts to the legitimate owners. Also, the phishing website of the Compact campaign had dis ..