Security News > 2020 > June > Microsoft 365 phishing campaign exploits Samsung, Adobe, and Oxford University
In a blog post published Thursday, Check Point described the method in which attackers exploited one of Oxford University's mail servers to send the initial email, abused an Adobe Campaign redirection tool, and then used a Samsung domain to take users to a Microsoft Office 365-themed phishing website.
Most of the emails observed came from multiple addresses that belonged to legitimate subdomains from different departments at the University of Oxford.
The sent email itself claims to offer missed voice mail related to the recipient's Office 365 account with references to Office 365 and Microsoft and even a phony "Message from Trusted server" notice at the top.
Offered by Adobe to email marketers, Adobe Campaign has been exploited in other phishing attempts to add legitimacy to URLs used in malicious messages.
In this instance, the link in the email directs people to an Adobe server used by Samsung during a 2018 Cyber Monday marketing campaign.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA (source)
- Adobe warns of critical ColdFusion bug with PoC exploit code (source)