Phishing

Sniper Dz PhaaS platform extensively leveraged in cyberattacks

Share

Threat actors have leveraged the Sniper Dz phishing-as-a-service platform to establish more than 140,000 phishing websites for credential theft efforts during the past 12 months, with malicious activity against U.S.-based web users escalating beginning in July, The Hacker News reports.

Malicious websites created with Sniper Dz have been given custom links and obscured by the legitimate proxymesh[.]com server, which has been configured to facilitate automated phishing content loading without direct communications in a bid to prevent detection of the PhaaS platform's backend servers, according to a Palo Alto Networks Unit 42 analysis. Meanwhile, credentials stolen by the sites could be accessed through an admin panel within the clearnet site. "Sniper Dz phishing pages exfiltrate victim credentials and track them through a centralized infrastructure. This could be helping Sniper Dz collect victim credentials stolen by phishers who use their PhaaS platform," said Unit 42 researchers. Such findings follow a Cisco Talos report detailing intrusions exploiting backend SMTP infrastructure-linked web pages to enable stealthy phishing email delivery.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.