Microsoft 365 Credentials Targeted In Phony Voicemail Campaign

Share post:

A new phishing campaign targeting the U.S. military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors has been stealing Microsoft Office 365 and Outlook credentials.

The threat actor behind this operation uses fake voicemail notifications to lure victims into opening a malicious HTML attachment.

As per researchers at cloud security firm ZScaler, this newly discovered campaign shares tactics, techniques, and procedures (TTPs) with a similar operation that came out in mid-2020.

The cybercriminals use Japanese email services to route their messages and spoof the sender’s address, making them appear legitimate.

The email has an HTML attachment that is named with a music note character to make it seem as if the file is a sound clip. In reality, the file contains obfuscated JavaScript code that leads the victim to a phishing site.

The redirection process initially leads the victim to a CAPTCHA check, which increases the illusion of legitimacy for the victims. Once the user finishes this step, they are redirected to a legitimate-looking phishing page that steals Microsoft Office 365 credentials.

Vigilant users would notice that the domain of the login page is not from Microsoft nor their organization’s and is one of the following:

  • briccorp[.]com
  • bajafulfillrnent[.]com
  • bpirninerals[.]com
  • lovitafood-tw[.]com
  • dorrngroup[.]com
  • lacotechs[.]com
  • brenthavenhg[.]com
  • spasfetech[.]com
  • mordematx[.]com
  • antarnex[.]com

Hence, users should always check and confirm that they are on a real login portal and not a phony one before they begin to enter their credentials

Voicemail-themed phishing via HTML attachments has been used since 2019, but it still manages to victimize careless users.

For more information, read the original story in Bleepingcomputer.

SUBSCRIBE NOW

Related articles

North Korean Job Scam Targeting IT Job Seekers

North Korea’s Lazarus advanced persistent threat (APT) group has launched a sophisticated campaign, “Operation 99,” targeting freelance software...

Hackers Exploit FastHTTP in High-Speed Microsoft 365 Attacks

Threat actors are employing the FastHTTP Go library to launch high-speed brute-force password attacks on Microsoft 365 accounts...

YouTubers Targeted As Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results

Attackers have found a new way to infect people seeking pirated or cracked software: planting malicious download links...

New macOS Malware Exploits Apple’s Security Features to Stay Hidden and Steal User Data

A newly discovered variant of the Banshee macOS Stealer malware is putting 100 million Apple users at risk...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways