Microsoft Defender uncovers new multi-stage phishing attack

Share post:

Microsoft Defender Experts have uncovered a new multi-stage phishing attack targeting banking and financial institutions. The attack, which is believed to be the work of a threat actor known as Storm-1167, uses a variety of techniques to compromise user accounts and steal sensitive financial information.

The attack starts with a technique called AiTM (Authentication in the Middle). The attacker tricks users into visiting a fake website that looks like a legitimate service’s login page. By doing this, they can steal sensitive information like usernames, passwords, and credit card details.

The attacker tricks the user by sending an email with a harmful link. When the user clicks the link, they are taken to a fake login page that looks real. If the user enters their login information, the attacker can steal their account details, like passwords and Social Security numbers. They can also install malware on the user’s computer to gather more information, such as credit card numbers and bank statements.

To control the victim’s account longer, the attacker changes the account settings and adds a new authentication method without needing to re-authenticate. Then, they target the victim’s contacts by launching a large-scale phishing campaign.

The attacker uses information from previous emails to make the emails seem legitimate. They even resend to skeptical recipients, falsely confirming the emails’ legitimacy. To avoid detection, they delete undelivered, and out-of-office replies systematically.

The sources for this piece include an article in TechRepublic.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways