• Phishing attackers are now using multiple email accounts to start

    From TechnologyDaily@1337:1/100 to All on Wed Sep 14 13:15:04 2022
    Phishing attackers are now using multiple email accounts to start group conversations with you

    Date:
    Wed, 14 Sep 2022 11:51:42 +0000

    Description:
    Hackers are dragging victims into fake email conversations to lure them into downloading malware.

    FULL STORY ======================================================================

    Iranian state-sponsored hackers have come up with a new sleazy trick to get people to download malicious attachments, researchers are warning.

    Cybersecurity experts from Proofpoint found that the TA453 threat actor, allegedly linked to the Islamic Revolutionary Guard Corps (IRGC), is engaging in multi-persona impersonation, or sock-puppeting, to get victims to download malware.

    In other words, they're having email conversations with themselves, while letting the victims listen on the sides, before tricking them into downloading a file that wasn't even necessarily sent to them.

    Faking a conversation

    Here's how it works: the threat actors would create multiple fake email accounts, stealing the identities of scientists, directors, and other high-profile individuals. Then, they'd send an email from one of the addresses to the other, CC-ing the victim in the process. A day or two later, they'd reply to that email, from the second address that also belongs to them.

    That way the victim, essentially caught in the middle of an email thread, could lower their guard and get a fake sense of legitimacy about the whole thing. After a short back-and-forth, one of the participants would send an attachment to other participants, and should the victim download and run it on their endpoints, they'd get a .DOCX file filled with dangerous macros.

    The biggest red flag in this campaign is the fact that all of the email accounts used in the attack are created on major email providers, such as Gmail, Outlook, or Hotmail, instead of being on the domains of the impersonated institutions.
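
    The warning signs described above can be checked per thread. The following is an added example, not code from Proofpoint or the article; the function names, the mailbox address, and the sample threads are constructed assumptions.

```python
from email.message import EmailMessage
from email.utils import getaddresses

FREEMAIL = {"gmail.com", "outlook.com", "hotmail.com"}  # providers named in the article

def make(frm, to, cc, attachment=None):
    """Build a constructed sample message (not a real captured email)."""
    m = EmailMessage()
    m["From"], m["To"], m["Cc"] = frm, to, cc
    m.set_content("constructed body")
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m

def addrs(msg, header):
    """Lower-cased addresses found in one header of a message."""
    return {a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a}

def check_thread(messages, mailbox):
    """Return the article's warning signs present in one thread, oldest message first."""
    senders = set().union(*(addrs(m, "From") for m in messages))
    first, findings = messages[0], []
    # Several personas, every one of them on a consumer mail provider.
    if len(senders) >= 2 and all(s.rsplit("@", 1)[-1] in FREEMAIL for s in senders):
        findings.append("multiple_freemail_senders")
    # Mailbox was only CC'd on a message whose To: recipient later answers in the thread.
    if mailbox in addrs(first, "Cc") and addrs(first, "To") & (senders - addrs(first, "From")):
        findings.append("cc_on_conversation_between_senders")
    # A participant sends a Word document into the thread.
    if any((a.get_filename() or "").lower().endswith(".docx")
           for m in messages for a in m.iter_attachments()):
        findings.append("docx_attachment")
    return findings

ME = "analyst@victim.example"  # hypothetical monitored mailbox
A = "Research Director <director.persona@gmail.com>"  # constructed persona
B = "Senior Fellow <fellow.persona@outlook.com>"      # constructed persona
SUSPECT = [make(A, B, ME), make(B, A, ME), make(A, B, ME, "draft.docx")]
C = "Research Director <director@institute.example>"  # constructed control
D = "Senior Fellow <fellow@institute.example>"        # constructed control
CONTROL = [make(C, D, ME), make(D, C, ME, "draft.docx")]

if __name__ == "__main__":
    print(check_thread(SUSPECT, ME))
    print(check_thread(CONTROL, ME))
```

    The control thread still shows the CC and attachment signs, which are common in ordinary mail; the sender-domain check is the one that separates the two threads.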

    "The downloaded template, dubbed Korg by Proofpoint, has three macros: Module1.bas, Module2.bas, and ThisDocument.cls," the researchers explained. "The macros collect information such as username, list of running processes along with the user's public IP from my-ip.io and then exfiltrates that information using the Telegram API."

    Although they couldn't verify it, the researchers believe that the threat actors engage in additional exploitation further down the road.



    ======================================================================
    Link to news story: https://www.techradar.com/news/phishing-attackers-are-now-using-multiple-email-accounts-to-start-group-conversations-with-you/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)