It’s tailored to the victim’s email. A link redirects to a fake company site, where the user is asked to enter the password. Goal: to steal and harvest credentials.
Marco Ramilli, cyber security expert and Yoroi founder: The attacker, pretending to be a customer, sent victims an email containing a Microsoft XLS file, without macros but with hidden malware.
The NCSC cyber security experts: The goal is credential harvesting. It has been active since at least July 2018 through various iterations, with a recent spike in early October 2019.
Barracuda Networks cyber security experts: In March 2019, 29% of businesses' accounts were compromised. Brand impersonation, social engineering, and phishing are used for ATOs.
The cyber security experts: There are many similarities in TTPs, targets and purposes. The credential harvesting could be complementary to the WebMask project on DNS Hijack.
Cisco Talos cyber security experts: At least 40 organizations across 13 different countries were compromised by a state-sponsored actor who exploits DNS hijacking.