Security News > 2021 > March > Hacked SendGrid accounts used in phishing attacks to steal logins
A phishing campaign targeting users of Outlook Web Access and Office 365 services collected thousands of credentials relying on trusted domains such as SendGrid.
Using Zoom invites as a lure and an extensive list of email addresses, the operators of the phishing campaign delivered messages from hacked accounts on the SendGrid cloud-based email delivery platform.
Researchers at WMC Global, makers of the PhishFeed real-time phishing intelligence service, capitalized on some mistakes of the threat actor that allowed them to analyze how the credentials moved from the phishing site into the hands of the operator.
Earlier operations used compromised SendGrid accounts to deliver the phishing emails and then moved to MailGun, a developer-centric email service with APIs that allows sending, receiving, and tracking messages.
WMC Global says that the latest email campaigns were noisy enough to attract attention but the tactics, techniques, and procedures observed point to other campaigns that used different phishing themes.
In their technical analysis today, the WMC Global Threat Intelligence Team also released a set of indicators of compromise that include locations for storing media files used in the campaigns, hashes, and a long list of phishing sites.
News URL
Related news
- How Phishing Attacks Adapt Quickly to Capitalize on Current Events (source)
- Google raps Iran's APT42 for raining down spear-phishing attacks (source)
- Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks (source)
- Cybercriminals exploit file sharing services to advance phishing attacks (source)
- CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait (source)
- How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (source)
- Novel attack on Windows spotted in phishing campaign run from and targeting China (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)