Threat actors have recently launched a new voicemail phishing campaign in an attempt to steal Outlook credentials and Microsoft Office 365 login credentials.
The following U.S. sectors and organizations were targeted in this campaign:
- Security software
- Manufacturing supply chain
The goal of this ongoing malicious campaign is to lure victims into opening a malicious HTML attachment via fake voicemail notifications, researchers said.
The malicious campaign
There are some similarities between the TTPs of the recently found campaign and one analyzed in the mid-2020 timeframe. The threat actors use email services in Japan to route their communications and spoof the address of the sender.
The emails look as if they are coming from an address that belongs to the targeted organization.
The email used by the threat actors contains an attachment that appears to be a sound clip because a music note character is used in its file name.
In the course of this redirection, the victim is directed to a CAPTCHA verification page. This check is intended to prevent the suspicious activity from being spotted by anti-phishing tools and to give the victim a false sense of legitimacy.
After passing the CAPTCHA check, the user is redirected to a phishing page that appears to be genuine, which then steals their Microsoft Office 365 credentials.
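The two delivery traits described above (a sender address spoofed to look internal and an HTML attachment named with a music note character) can be checked at mail triage. The following is an added example, not code from the researchers or the original article; the function names, the set of note characters, the Return-Path heuristic and the sample message are all assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Which music-note character the campaign used is not stated on the page;
# this set of code points is an assumption.
NOTE_CHARS = {"\u2669", "\u266a", "\u266b", "\u266c", "\U0001f3b5", "\U0001f3b6"}
HTML_EXTS = (".htm", ".html", ".shtml", ".xhtml")

def _domain(header_value):
    """Lowercase domain of the address in a header value, or ''."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw_bytes):
    """Return the reasons a raw message matches the voicemail lure."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        is_html = (part.get_content_type() == "text/html"
                   or name.lower().endswith(HTML_EXTS))
        if is_html and any(ch in NOTE_CHARS for ch in name):
            reasons.append("html-attachment-with-music-note:" + name)
        elif is_html:
            reasons.append("html-attachment:" + name)
    from_dom, to_dom = _domain(msg["From"]), _domain(msg["To"])
    path_dom = _domain(msg["Return-Path"])
    # Assumed heuristic: From claims the recipient's own domain while the
    # envelope sender (Return-Path) belongs to a different domain.
    if from_dom and from_dom == to_dom and path_dom and path_dom != from_dom:
        reasons.append("own-domain-from-foreign-return-path:" + path_dom)
    return reasons

def build_sample():
    """Constructed message imitating the lure; all names are made up."""
    m = EmailMessage()
    m["From"] = "Voicemail <noreply@corp.example>"
    m["To"] = "alice@corp.example"
    m["Return-Path"] = "<bounce@mailer.example>"
    m["Subject"] = "New voicemail"
    m.set_content("You have a new voice message.")
    m.add_attachment("<html></html>", subtype="html",
                     filename="VM\u266a_0412.wav.htm")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A match is a reason to quarantine for review rather than proof of phishing, since legitimate mail can also carry HTML attachments.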
The domains used by the threat actors are listed below:
As a result, users should always make sure they are on the right login portal before filling in and submitting their username and password.
In most businesses, recipients are normally already logged into their accounts. A request to log in once more to hear a voicemail should therefore seem suspicious.
Using HTML attachments in voicemail-themed phishing scams is not new. It has been happening since at least 2019, and it is still quite effective, particularly when employees are careless in handling email.