Malware sandbox service Any.Run had its employees subjected to a phishing attack suspected to be part of a business email compromise campaign, SecurityWeek reports.
While the intrusion was only discovered last week after the delivery of a phishing email from a sales team employee, an investigation into the matter showed that Any.Run has been under attack since late May after the said employee clicked a link on a client email that redirected to a Microsoft phishing website, which sought the employee's credentials and multi-factor authentication code. Aside from including their device for MFA, attackers also deployed a data exfiltration app before proceeding with sending the phishing emails using the compromised employee's account, access to which was immediately revoked by Any.Run. Despite the breach, Any.Run emphasized that no production environment or code base has been impacted by the incident as it ensured the implementation of additional safeguards to its systems.
