Manufacturing Sector Under Fire From Microsoft Credential Thieves

Summary: A threat actor is targeting the manufacturing sector with spear-phishing emails that trick victims into surrendering their Microsoft credentials through a spoofed login page. The campaign has affected at least 15 victims, primarily in the U.S. and Canada, by impersonating legitimate companies and using deceptive tactics to harvest sensitive information.

Threat Actor: Unknown | unknown
Victim: Manufacturing Sector | manufacturing sector

Key Point :

  • Threat actor sends spear-phishing emails impersonating legitimate companies like Periscope Holdings and R.S. Hughes.
  • Victims are directed to a spoofed Microsoft login page to harvest their credentials.
  • At least 15 victims have been targeted from March to August, primarily in the U.S. and Canada.
  • BlueVoyant researchers recommend monitoring for fake domains and educating employees on phishing tactics.
  • Strong authentication and conditional access policies are advised to mitigate risks.

A threat actor has been targeting victims in the manufacturing sector by sending spear-phishing emails to its victims that, when clicked on, prompt them to unknowingly surrender their Microsoft credentials.

Some of the emails impersonate two large, real-life companies: Periscope Holdings, a procurement solutions company, and R.S. Hughes, a North American industrial and safety supplies distributor; they also include a file named “Product List RFQ, NDA & Purchase Terms 2024.shtml.” Once the email is clicked on, the victim is directed to a spoofed Microsoft page with their username already inputted from their email, adding to the legitimacy of the scheme and prompting the victim to enter their password.

Once the fake page has accessed the password, it harvests the credentials to access accounts and potentially compromise sensitive information, according to the BlueVoyant researchers who discovered the campaign.

At least 15 victims have been targeted so far from March to August, particularly in the United States and Canada, though the threat actor, considered to be an “advanced adversary,” remains unknown.

The BlueVoyant researchers advise that those in the manufacturing sector or related industries monitor for fake or typosquatted domains; educate employees on spear-phishing tactics that may be used against them; and leverage conditional access policies and strong authentication.

Source: https://www.darkreading.com/ics-ot-security/manufacturing-sector-microsoft-credential-thieves