Global phishing campaign powered by Nifty infrastructure

Hundreds of organizations around the world, particularly those in the financial services, technology, and healthcare sectors, are believed to have been targeted as part of a sweeping phishing campaign that exploited the infrastructure of the widely used project management platform Nifty, Cyber Security News reports.
Attacks involved malicious emails that abused Nifty[.]com's redirect functionality to chain several redirection layers, leading to webpages that ran verification mechanisms before sending targets on to credential harvesting sites masquerading as legitimate login portals, an analysis from cybersecurity firm Raven revealed. Aside from integrating JavaScript-based browser fingerprinting into the intermediate pages, threat actors also adopted time-based redirection deferrals and virtual machine artifact checking to bypass analysis by targeted machines. Additional findings revealed that the credential pilfering pages used in the campaign came with appropriate SSL certificates and other design elements that further lent them an appearance of legitimacy.