Security News > 2020 > June > Microsoft 365 phishing campaign exploits Samsung, Adobe, and Oxford University
In a blog post published Thursday, Check Point described the method in which attackers exploited one of Oxford University's mail servers to send the initial email, abused an Adobe Campaign redirection tool, and then used a Samsung domain to take users to a Microsoft Office 365-themed phishing website.
Most of the emails observed came from multiple addresses that belonged to legitimate subdomains from different departments at the University of Oxford.
The sent email itself claims to offer missed voice mail related to the recipient's Office 365 account with references to Office 365 and Microsoft and even a phony "Message from Trusted server" notice at the top.
Offered by Adobe to email marketers, Adobe Campaign has been exploited in other phishing attempts to add legitimacy to URLs used in malicious messages.
In this instance, the link in the email directs people to an Adobe server used by Samsung during a 2018 Cyber Monday marketing campaign.
News URL
Related news
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)