Microsoft 365 Credentials Targeted In Phony Voicemail Campaign

Share post:

A new phishing campaign targeting the U.S. military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors has been stealing Microsoft Office 365 and Outlook credentials.

The threat actor behind this operation uses fake voicemail notifications to lure victims into opening a malicious HTML attachment.

As per researchers at cloud security firm ZScaler, this newly discovered campaign shares tactics, techniques, and procedures (TTPs) with a similar operation that came out in mid-2020.

The cybercriminals use Japanese email services to route their messages and spoof the sender’s address, making them appear legitimate.

The email has an HTML attachment that is named with a music note character to make it seem as if the file is a sound clip. In reality, the file contains obfuscated JavaScript code that leads the victim to a phishing site.

The redirection process initially leads the victim to a CAPTCHA check, which increases the illusion of legitimacy for the victims. Once the user finishes this step, they are redirected to a legitimate-looking phishing page that steals Microsoft Office 365 credentials.

Vigilant users would notice that the domain of the login page is not from Microsoft nor their organization’s and is one of the following:

  • briccorp[.]com
  • bajafulfillrnent[.]com
  • bpirninerals[.]com
  • lovitafood-tw[.]com
  • dorrngroup[.]com
  • lacotechs[.]com
  • brenthavenhg[.]com
  • spasfetech[.]com
  • mordematx[.]com
  • antarnex[.]com

Hence, users should always check and confirm that they are on a real login portal and not a phony one before they begin to enter their credentials

Voicemail-themed phishing via HTML attachments has been used since 2019, but it still manages to victimize careless users.

For more information, read the original story in Bleepingcomputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, March 27, 2024 – A botnet exploits old routers, a new malware loader discovered, and more warnings about downloading code from...

This episode reports on a new network of 40,000 infected small and home office routers and other devices that are part of a criminal botnet

Cyber Security Today, March 25, 2024 – A suspected China threat actor going after unpatched F5 and ScreenConnet installations

This episode reports on a new campaign stealing email passwords ,the latest data breaches

A hacker’s view of the civic infrastructure: Hashtag Trending, the Weekend Edition for March 23rd, 2024

What does the civic infrastructure look like through the eyes of a hacker? The legendary general Sun Tzu in the Art of War said that in order to defeat your enemy, you must first understand your enemy. How do you do this? He said, “to know your enemy, you must become your enemy.” If we

Cyber Security Today, Week in Review for week ending Friday, March 22, 2024

This episode features discussion on lessons learned from the ransomware attack on the British Library, advice for managing expectations of IT/security teams, why firms are leaving Google Firebase unprotecte

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways