Multi-stage adversary-in-the-middle phishing and business email compromise attacks have been launched by the Storm-1167 threat operation against banking and financial services organizations, The Hacker News reports.
Storm-1167 achieved initial access by compromising a trusted vendor, then used an indirect proxy to distribute phishing pages to targets, a report from Microsoft revealed. Phishing emails sent by the threat operation included a link that redirects targets to a fraudulent Microsoft sign-in page meant for credential and time-based one-time password exfiltration. The stolen information is then used to impersonate the user in a replay attack that seeks to obtain email inbox access.
Researchers also found that recipients of the phishing emails were targeted with another AitM attack for credential exfiltration, which prompted another phishing operation.
"This attack shows the complexity of AiTM and BEC threats, which abuse trusted relationships between vendors, suppliers, and other partner organizations with the intent of financial fraud," said Microsoft.
Financial orgs subjected to multi-stage AitM phishing, BEC attacks