Phishing, Cloud Security, Cloud Security
New MirrorBlast phishing campaign targets financial entities
Share
Financial organizations in the U.S., Canada, Europe, Hong Kong and other countries are being impacted by the novel MirrorBlast phishing campaign launched by Russia-linked threat group Evil Corp, or TA505, since early last month, a Morphisec report revealed in SecurityWeek.
The threat group leverages phishing emails to deliver a malicious document before using OneDrive or SharePoint file share request lures containing a Google feedproxy URL, which redirects to phony OneDrive or SharePoint sites. The fake sites and required SharePoint sign-in help attacks avoid detection, according to researchers.
Morphisec discovered that one of the pages where the SharePoint lure redirects, and other artifacts were tied to TA505. “TA505 is one of many financially motivated threat groups currently active in the marketplace. They are also one of the most creative, as they have a tendency to constantly shift the attacks they leverage to achieve their goals. This new attack chain for MirrorBlast is no exception for TA505 or for other innovative threat groups,“ said Morphisec.
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news