Security News > 2020 > March > Russian Cyberspies Hacked High-Profile Email Accounts for Phishing
The Russia-linked cyber-espionage group known as Pawn Storm has been leveraging hijacked email accounts to send phishing emails to potential victims, Trend Micro's security researchers reveal.
For years, Pawn Storm has relied on phishing to gain access to systems of interest, but Trend Micro observed a shift in tactics, techniques, and procedures in May 2019, when the group started using the compromised email accounts of high-profile targets to send credential phishing emails.
The scheme was used both in 2019 and 2020, with email accounts belonging to defense companies in the Middle East being abused the most.
"The reason for the shift to the use of compromised email accounts of defense companies in the Middle East is unclear. Pawn Storm could be attempting to evade spam filtering at the cost of making some of their successful compromises known to security companies. However, we did not notice a significant change in successful inbox deliveries of the group's spam campaigns, making it difficult to understand the rationale behind the change in methodology," Trend Micro notes in a new report.
Last year, the group also engaged in the probing of email servers and Microsoft Exchange Autodiscover servers worldwide, mainly targeting TCP port 443, IMAP ports 143 and 993, POP3 ports 110 and 995, and SMTP ports 465 and 587.