Threat actors are very intelligent when it comes to infiltrating and phishing, but this doesn’t mean they won’t make mistakes. Researchers at two security firms published a combined report analyzing how the threat actors behind a lengthy phishing campaign left over 1,000 login credentials for Office 365 accounts exposed.
The phishing scam has lasted over 6 months and uses multiple sites to host its phishing pages.
The campaign itself was quite successful for the threat actors, as they made their way around general email protection, but the stolen credentials were publicly available through a simple Google search. The credentials were published in a public file that Google could index.
Those behind the attack also compromised WordPress servers so they could host the PHP page given to victims of the campaign. Using emails, the threat actors collected login and password information with fake forms. One instance discovered by the security researchers was a Xerox scan within an HTML link.
Be wary of what you’re clicking on and realize these are the types of intrusions where entire networks can be taken down. No organization wants to experience widespread disruption because it can halt operations and diminish brand value. Leave the protection of your data and environment to a trusted firm like SpearTip.
SpearTip’s Security Operations Center (SOC) specializes in preventing malware from entering networks. Our engineers work 24/7 to monitor environments for malicious activity. As threat actors continue to be pervasive, we will remain attentive to their evolution.
If your organization experiences a breach, call our incident response hotline at 833.997.7327.