Pick your Poison – A Double-Edged Email Attack

This article describes a phishing campaign that both harvests Office365 credentials and delivers malware, using emails disguised as file deletion notices from a legitimate file-sharing service. Victims who click the embedded links are sent to a fake Microsoft login page and to a malware download, so both the account and the endpoint end up compromised. Affected: Office365 users, users of file-sharing services, organizations exposed to phishing

Keypoints :

  • Cyber attackers are using a hybrid approach combining credential phishing and malware delivery.
  • Victims receive emails disguised as file deletion reminders from a legitimate service.
  • Clicking links in the emails leads to fraudulent Microsoft login pages and malware downloads.
  • Once executed, the downloaded file installs itself; Cofense links it to ConnectWise remote-access software (ScreenConnect) abused as a RAT.
  • Users must remain vigilant and educated about phishing threats to avoid falling victim.

MITRE Techniques :

  • Phishing (T1566) – Initial access: the user clicks a link in an email posing as a legitimate file deletion reminder.
  • Credential Dumping (T1003) – Mapped in the source, but T1003 is OS Credential Dumping (extracting credentials from a host). What happens here is credential harvesting through a fake Microsoft login page, i.e. credentials are phished, not dumped.
  • Remote Code Execution (T1203) – T1203 is Exploitation for Client Execution, and no exploit is involved: the victim runs the downloaded executable, which is disguised as a legitimate application (User Execution: Malicious File, T1204.002).
  • Persistence (T1547) – Boot or Logon Autostart Execution: the malware modifies the registry so that it runs again after a reboot.
  • Command and Control (T1071) – Application Layer Protocol: the malware connects to its command-and-control server (see the indicators below) to receive instructions.

Indicators of Compromise :

  • [IP Address] 139.178.89.76
  • [Domain] instance-i4zsy0-relay.screenconnect.com
  • [File Name] Mash_Media_Group_Ltd_-S8927302.pdf
  • [Hash MD5] d3ed45f0dfadc24c76245b036b3b9738
  • [File Name] SecuredOnedrive.ClientSetup.exe
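
As an added example (not code from the Cofense article or from this summary), the following Python sweep matches the indicators above against constructed DNS, proxy and EDR/AV log lines. The key=value log format is an assumption, as are the sample lines. The one caveat it encodes is that screenconnect.com relays are legitimate ConnectWise infrastructure: only the exact instance listed above is treated as an IoC, while other relay hostnames are surfaced as "relay-watch" so an analyst can compare them with the organisation's sanctioned ScreenConnect instances instead of blocking the whole domain.

```python
"""Sweep constructed log lines for the indicators listed on this page.

Added example (not Cofense's code). The IoC values are the ones published
above; the log lines are constructed for illustration and the key=value log
format is an assumption, not any specific product's output.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Iterable, List

# Indicators copied from the list above.
IOC_IPS = {"139.178.89.76"}
IOC_DOMAINS = {"instance-i4zsy0-relay.screenconnect.com"}
IOC_FILENAMES = {"Mash_Media_Group_Ltd_-S8927302.pdf", "SecuredOnedrive.ClientSetup.exe"}
IOC_MD5 = {"d3ed45f0dfadc24c76245b036b3b9738"}

# ScreenConnect relays are legitimate infrastructure; only the exact instance
# above is an IoC. Other relays are reported as "relay-watch" so an analyst can
# check them against the organisation's sanctioned ScreenConnect instances.
RELAY_SUFFIX = ".screenconnect.com"

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
MD5_RE = re.compile(r"\b[0-9a-f]{32}\b", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    line_no: int
    ioc_type: str  # "ip", "domain", "relay-watch", "md5" or "filename"
    value: str


def scan_line(line_no: int, line: str) -> List[Hit]:
    """Return every indicator found on one log line."""
    hits: List[Hit] = []
    for ip in IP_RE.findall(line):
        if ip in IOC_IPS:
            hits.append(Hit(line_no, "ip", ip))
    for dom in DOMAIN_RE.findall(line):
        dom = dom.lower()
        if dom in IOC_DOMAINS:
            hits.append(Hit(line_no, "domain", dom))
        elif dom.endswith(RELAY_SUFFIX):
            hits.append(Hit(line_no, "relay-watch", dom))
    for digest in MD5_RE.findall(line):
        if digest.lower() in IOC_MD5:
            hits.append(Hit(line_no, "md5", digest.lower()))
    lowered = line.lower()
    for name in IOC_FILENAMES:
        if name.lower() in lowered:
            hits.append(Hit(line_no, "filename", name))
    return hits


def scan_log(lines: Iterable[str]) -> List[Hit]:
    """Scan a sequence of log lines; line numbers start at 1."""
    hits: List[Hit] = []
    for line_no, line in enumerate(lines, start=1):
        hits.extend(scan_line(line_no, line))
    return hits


def md5_is_ioc(data: bytes) -> bool:
    """Check the bytes of a quarantined attachment against the published MD5."""
    return hashlib.md5(data).hexdigest() in IOC_MD5


# Constructed sample (assumed key=value format): DNS, proxy and EDR/AV records.
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z dns client=10.0.0.5 query=login.microsoftonline.com",
    "2024-01-01T10:00:07Z proxy client=10.0.0.5 dst=139.178.89.76:443 "
    "url=https://example.invalid/SecuredOnedrive.ClientSetup.exe",
    "2024-01-01T10:00:09Z av host=WS-17 action=quarantine md5=D3ED45F0DFADC24C76245B036B3B9738",
    "2024-01-01T10:00:12Z dns client=10.0.0.5 query=instance-i4zsy0-relay.screenconnect.com",
    "2024-01-01T10:05:00Z dns client=10.0.0.9 query=instance-abc123-relay.screenconnect.com",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.ioc_type} {hit.value}")
```

Run against the constructed sample, the sweep reports the C2 IP and the dropper file name on the proxy line, the MD5 on the quarantine line, the exact relay domain as an IoC, and the second relay only as a watch item; the Microsoft login lookup produces nothing, since the real login.microsoftonline.com is not an indicator.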


Full Story: https://cofense.com/blog/pick-your-poison-a-double-edged-email-attack
