Phishing, Threat Intelligence

Advanced phishing intrusion against security firm exec detailed

Malicious actors are believed to have leveraged the newly emergent Kratos phishing-as-a-service kit in a sophisticated multi-stage attack against a C-suite executive at Swedish exposure management and identity security provider Outpost24, reports SecurityWeek.

The attack commenced with a phishing email spoofing JP Morgan that carried a pair of DomainKeys Identified Mail (DKIM) signatures and a "review document" link, which redirected to the legitimate secure-web.cisco.com domain while circumventing detection systems, according to an analysis from Outpost24's Specops Software subsidiary. A further redirection to the legitimate email API platform Nylas, which guarantees the phishing link's passage through Cisco Secure Web infrastructure, is followed by a diversion to a subdomain on the website of an India-based development firm and then to a domain initially linked to a Chinese company. The user is redirected once more before being served a seemingly legitimate webpage aimed at pilfering Microsoft 365 credentials.

"By chaining redirects through legitimate services such as Cisco and Nylas, the attackers increase the likelihood that the link will pass security filtering and reputation checks. These domains are widely trusted and commonly observed in legitimate traffic, which makes automated blocking more difficult," said Specops researchers.
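For defenders, the practical consequence of the redirect chain described above is that a link has to be judged by where it lands, not by the reputation of its first hop. The following is an added example, not code from Specops or SC Media: it scores a resolved redirect chain, and every hostname other than secure-web.cisco.com, the allowlist, the threshold and the sample chain are constructed assumptions.

```python
from urllib.parse import urlsplit

# secure-web.cisco.com is named in the article; the other hosts are assumptions.
TRUSTED_REDIRECTORS = {"secure-web.cisco.com", "mail-api.example"}
EXPECTED_LOGIN_HOSTS = {"login.microsoftonline.com"}  # assumed allowlist
MAX_DISTINCT_HOSTS = 3  # assumed threshold; tune to your own traffic


def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def assess_chain(chain, landing_has_password_form):
    """Judge a resolved redirect chain by where it ends, not where it starts.

    chain: ordered URLs, first is the link in the email, last is the landing page.
    landing_has_password_form: whether the sandbox saw a password field there.
    """
    if not chain:
        raise ValueError("empty redirect chain")
    hosts = [host(u) for u in chain]
    final = hosts[-1]
    findings = []
    via_trusted = any(h in TRUSTED_REDIRECTORS for h in hosts[:-1])
    if via_trusted and final not in TRUSTED_REDIRECTORS | EXPECTED_LOGIN_HOSTS:
        findings.append("trusted-redirector-to-unvetted-host")
    if len(set(hosts)) > MAX_DISTINCT_HOSTS:
        findings.append("long-cross-domain-chain")
    if landing_has_password_form and final not in EXPECTED_LOGIN_HOSTS:
        findings.append("credential-form-off-expected-host")

    if "credential-form-off-expected-host" in findings or len(findings) >= 2:
        verdict = "block"
    elif findings:
        verdict = "review"
    else:
        verdict = "allow"
    return {"final_host": final, "findings": findings, "verdict": verdict}


# Constructed sample chain mirroring the hop order described in the article.
SAMPLE_CHAIN = [
    "https://secure-web.cisco.com/constructed-token",
    "https://mail-api.example/t/1",
    "https://dev.agency.example/r",
    "https://hop.example.net/go",
    "https://signin.example.org/m365",
]
```

Host matching here is exact; a production check would also normalise to registrable domains and take the chain from a detonation sandbox or proxy log rather than a hand-built list.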
