Attackers carry out Phishing Attacks Using ‘Multi-persona Impersonation’

Share post:

According to Proofpoint’s researchers, attackers are now using a “multi-persona impersonation’ phishing technique to trick victims into believing it is a realistic email conversation. For the MPI phishing technique, attackers use multiple personas and email accounts.

The phishing technique is used by the Iranian threat group TA453. This technique is cumbersome and requires a great deal of effort from the attackers to carry out the attack, because each target must be involved in a sophisticated realistic conversation conducted by fake personas, or sock puppet.

The technique is valuable, however, because it creates a realistic exchange of e-mails that makes the conversation seem legitimate.

After analyzing various case scenarios in which the technique was used, the researchers discovered that the attackers used personal email addresses from Gmail, Outlook, AOL, Hotmail for both senders and CCed persons instead of addresses from the fake institutions.

The document victims were tricked into downloading via OneDrive links in TA453’s malicious campaign are password-protected files that perform template injection.

“The downloaded template, dubbed Korg by Proofpoint, has three macros: Module1.bas, Module2.bas, and ThisDocument.cls. The macros collect information such as username, list of running processes along with the user’s public IP from my-ip.io and then exfiltrates that information using the Telegram API,” the report explains.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

Starbucks Forced to Pay Baristas Manually After Ransomware Attack

A ransomware attack on Blue Yonder, a third-party scheduling software provider, has disrupted Starbucks’ ability to manage employee...

Google Launches Free Cybersecurity Certificate for Entry-Level Jobs

Google has introduced a new Cybersecurity Professional Certificate, aimed at preparing students for entry-level roles in just six...

Critical Vulnerability Leaves Millions Of Sites Vulnerable To Takeover

A severe authentication bypass vulnerability has been discovered in the WordPress plugin "Really Simple Security" (formerly *Really Simple...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways