Hacked SendGrid Accounts used In Phishing Attacks To Steal Logins

Hacked SendGrid Accounts used In Phishing Attacks To Steal Logins
A new cyber campaign has come to known as a phishing attack. Outlook Web Access and Office 365 services users are being targeted. The campaign collected the credentials of thousands of customers relying on trusted domains such as SendGrid. 

The campaign named “Compact”, the Cyber actors behind these phishing attacks have been operating this campaign since the beginning of 2020 and it is being estimated that the campaign has successfully been able to collect over 400,000 sensitive credentials from multiple companies. 

The phishing campaign operators used Zoom invites as a lure along with an extensive list of email addresses and used this information in sending messages from hacked accounts on the SendGrid cloud-based email delivery platform. Since SendGrid is a trusted Simple Mail Transfer Protocol (SMTP) provider, the messages had very less chances of not reaching their destination and being blocked by email protection technology. 

Researchers at WMC Global, makers of the PhishFeed real-time phishing intelligence service, highlighted some mistakes of the campaign operators. Those mistakes allowed them to analyze how the data has been moved from the phishing site into the hands of the operator. 

Researchers analyzed that each phishing campaign successfully collected 3,700 credential addresses, which would make the total from various Compact campaigns around 400,000 unique credentials. 

WMC Global stated that “Earlier operations used compromised SendGrid accounts to deliver the phishing emails and then moved to MailGun, a developer-centric email service with APIs that allows sending, receiving, and tracking messages”. 

WMC believes “that the switch to a different service was determined by their collaboration with SendGrid to restore compromised accounts to the legitimate owners. Also, the phishing website of the Compact campaign had dis ..

Support the originator by clicking the read the rest link below.