Phishing, Cloud Security, Cloud Security

New MirrorBlast phishing campaign targets financial entities

Share

Financial organizations in the U.S., Canada, Europe, Hong Kong and other countries are being impacted by the novel MirrorBlast phishing campaign launched by Russia-linked threat group Evil Corp, or TA505, since early last month, a Morphisec report revealed in SecurityWeek. The threat group leverages phishing emails to deliver a malicious document before using OneDrive or SharePoint file share request lures containing a Google feedproxy URL, which redirects to phony OneDrive or SharePoint sites. The fake sites and required SharePoint sign-in help attacks avoid detection, according to researchers. Morphisec discovered that one of the pages where the SharePoint lure redirects, and other artifacts were tied to TA505. “TA505 is one of many financially motivated threat groups currently active in the marketplace. They are also one of the most creative, as they have a tendency to constantly shift the attacks they leverage to achieve their goals. This new attack chain for MirrorBlast is no exception for TA505 or for other innovative threat groups,“ said Morphisec.

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.