Security News > 2020 > April > Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies

Dubbed 'PerSwaysion,' the newly spotted cyberattack campaign leveraged Microsoft file-sharing services-including Sway, SharePoint, and OneNote-to launch highly targeted phishing attacks.

According to a report Group-IB Threat Intelligence team published today and shared with The Hacker News, PerSwaysion operations attacked executives of more than 150 companies around the world, primarily with businesses in finance, law, and real estate sectors.

Like most phishing attacks aiming to steal Microsoft Office 365 credentials, fraudulent emails sent as part of PerSwaysion operation also lured victims with a non-malicious PDF attachment containing 'read now' link to a file hosted with Microsoft Sway.

Once stolen, attackers immediately move on to the next step and download victims' email data from the server using IMAP APIs and then impersonate their identities to further target people who have recent email communications with the current victim and hold important roles in the same or other companies.

"Finally, they generate new phishing PDF files with the current victim's full name, email address, legal company name. These PDF files are sent to a selection of new people who tend to be outside of the victim's organization and hold significant positions. The PerSwaysion operators typically delete impersonating emails from the outbox to avoid suspicion."

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/75vteDj6q1s/targeted-phishing-attacks-successfully.html