Massive phishing campaign uses 500+ domains to steal credentials
Large-scale phishing activity using hundreds of domains to steal credentials for Naver, a Google-like online platform in South Korea, shows infrastructure overlaps linked to the TrickBot botnet.
Security researchers at cyber intelligence company Prevailion earlier this year identified a massive phishing operation focused on collecting credentials of Naver users.
Us - shared by Joe Słowik, which opened the door to a "vast network of targeted phishing infrastructure designed to harvest valid login credentials for Naver."
From the initial email address, Prevailion was able to find another cluster of 58 phishing domains resolving to 23.81.246[.]131, an IP address that proved critical in establishing the initial connection between Naver credential phishing and the infrastructure associated with TrickBot.
In the report today, Prevailion provides additional indicators connecting the Naver phishing domains to TrickBot infrastructure revealed in public research from RiskIQ and Microsoft.
The researchers say their findings suggest that the Naver phishing activity is continuing, as the infrastructure is still in use and numerous domains have been registered this month for this purpose.