Manufacturing, government, telecommunications, energy, automotive, and professional services organizations in Germany, Hungary, Slovakia, and the Czech Republic have been subjected to a covert phishing campaign that leveraged security filter-evading HTML files and Telegram bots to pilfer credentials, The Cyber Express reports.

Malicious emails purporting to be business correspondence have been leveraged to spread HTML attachments with RFC-compliant filenames that evade email security scanning, according to Cyble researchers. Opening the attachments would lure targets into providing their email and password details, which are then sent by embedded JavaScript to attacker-controlled Telegram bots, removing the need for command-and-control infrastructure.

Further analysis of the campaign has revealed ongoing development, with attackers found to have initially tapped basic JavaScript before using CryptoJS AES encryption and other measures to better evade detection.

Such a threat should prompt the implementation of more robust cybersecurity defenses, with organizations urged to be vigilant for suspicious api.telegram.org connections and unwanted HTML attachments.
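One way to triage HTML attachments for the traits described above, as an added example that is not code from Cyble or The Cyber Express. The regexes, the rule of requiring a password field plus a second indicator, and the constructed sample message are assumptions of this example; the CryptoJS check assumes the later variant no longer exposes the Telegram URL in clear text.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators named in the report; the regexes are this example's assumptions.
INDICATORS = {
    "password_field": re.compile(r"<input[^>]+type\s*=\s*[\"']?password", re.I),
    "telegram_api": re.compile(r"api\.telegram\.org", re.I),
    "cryptojs_aes": re.compile(r"CryptoJS\.AES\.decrypt"),
}

def scan_message(raw):
    """Return {attachment filename: sorted indicator names} for risky HTML attachments."""
    msg = message_from_string(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        is_html = (part.get_content_type() == "text/html"
                   or name.lower().endswith((".html", ".htm")))
        if not is_html:
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # HTML sent under a non-text content type
            body = body.decode("utf-8", "replace")
        hits = sorted(k for k, rx in INDICATORS.items() if rx.search(body))
        # A credential form plus an exfiltration or obfuscation sign is the signal.
        if "password_field" in hits and len(hits) > 1:
            findings[name] = hits
    return findings

def build_sample():
    """Constructed, inert test message; no attachment contains working script."""
    pages = {
        "plain.html": '<input type="password"><script>'
                      'var u="https://api.telegram.org/botPLACEHOLDER";</script>',
        "encrypted.html": "<input type=password><script>"
                          "var p=CryptoJS.AES.decrypt(blob,key);</script>",
        "newsletter.html": "<p>Quarterly update</p>",
    }
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attachment.")
    for name, html in pages.items():
        msg.add_attachment(html, subtype="html", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for name, hits in scan_message(build_sample()).items():
        print(name, hits)
```

Static matching of this kind complements, rather than replaces, egress monitoring for api.telegram.org, since an obfuscated attachment may reveal the endpoint only at run time.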





