This Microsoft 365 spear-phishing campaign has been running riot for over a year

Cybersecurity researchers at Microsoft have shared extensive details about a long-running highly evasive spear- phishing campaign that ha...

Cybersecurity researchers at Microsoft have shared extensive details about a long-running highly evasive spear-phishing campaign that has targeted Office 365 customers since at least July 2020.

In a blog post, the Microsoft 365 Defender Threat Intelligence Team shares that the campaign began with the objective of harvesting usernames, and passwords, but has since moved on to collate other information such as IP addresses and the location of its victims, which the attackers supposedly use in later infiltration attempts.

“This phishing campaign exemplifies the modern email threat: sophisticated, evasive, and relentlessly evolving,” the researchers note.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

Since the campaign includes various details about the targets, such as their email address and company logo to appear genuine, Microsoft believes the attackers had garnered these details during an earlier reconnaissance exercise.

Constantly evolving threat

The security researchers note that this campaign is also a prime example of how email-based attacks continue to make novel attempts to bypass email security solutions.

For instance, to keep the security teams on their toes, the attackers changed obfuscation and encryption mechanisms every 37 days on average.

This campaign uses multilayer obfuscation and encryption mechanisms for known existing file types, such as JavaScript, as well as multilayer obfuscation in HTML to evade browser security solutions.

“These attackers moved from using plaintext HTML code to employing multiple encoding techniques, including old and unusual encryption methods like Morse code, to hide these attack segments,” share the researchers, noting that some of the code segments of the campaign reside in various open directories and are called by encoded scripts.

Comparing it to a jigsaw puzzle, the researchers noted that the pieces of the campaign appear harmless individually, and only reveal their sinister intent once they are combined.



from TechRadar - All the latest technology news https://ift.tt/3CEqOxg
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,188,Video,5,XIAOMI,13,YouTube - 9to5Google,187,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: This Microsoft 365 spear-phishing campaign has been running riot for over a year
This Microsoft 365 spear-phishing campaign has been running riot for over a year
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2021/08/this-microsoft-365-spear-phishing.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2021/08/this-microsoft-365-spear-phishing.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy