Attackers carry out Phishing Attacks Using ‘Multi-persona Impersonation’

Share post:

According to Proofpoint’s researchers, attackers are now using a “multi-persona impersonation’ phishing technique to trick victims into believing it is a realistic email conversation. For the MPI phishing technique, attackers use multiple personas and email accounts.

The phishing technique is used by the Iranian threat group TA453. This technique is cumbersome and requires a great deal of effort from the attackers to carry out the attack, because each target must be involved in a sophisticated realistic conversation conducted by fake personas, or sock puppet.

The technique is valuable, however, because it creates a realistic exchange of e-mails that makes the conversation seem legitimate.

After analyzing various case scenarios in which the technique was used, the researchers discovered that the attackers used personal email addresses from Gmail, Outlook, AOL, Hotmail for both senders and CCed persons instead of addresses from the fake institutions.

The document victims were tricked into downloading via OneDrive links in TA453’s malicious campaign are password-protected files that perform template injection.

“The downloaded template, dubbed Korg by Proofpoint, has three macros: Module1.bas, Module2.bas, and ThisDocument.cls. The macros collect information such as username, list of running processes along with the user’s public IP from my-ip.io and then exfiltrates that information using the Telegram API,” the report explains.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024

This episode features discussion on the takedown of the LockBit ransomware gang

Breaking news: RCMP facing ‘alarming’ cyber attack

The RCMP is facing a serious cyber attack from an unspecified threat actor. The Mounties told CBC News today that a “breach of this magnitude is alarming.” “The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” a spokesperson

Leaked documents may show the inside of China’s hacking strategy

Documents apparently stolen by disgruntled employees to embarrass their firm may give insight into China's cyber

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways