
Trust exploited in widespread ongoing phishing operation


Hackread reports that more than 30 government, telecommunications, aerospace, finance, energy, manufacturing, and fashion organizations around the world had their employees targeted by an ongoing sophisticated phishing campaign that sought to compromise login credentials through the exploitation of trusted platforms.

Intrusions involved the exploitation of trusted domains, such as Adobe.com and Google AMP, to evade detection, according to a report from Group-IB. Aside from leveraging fraudulent Adobe and DocuSign notifications to deceive targets into opening purportedly important files, threat actors also crafted highly convincing phishing pages that contain the targeted firms' logo and branding as a means to exfiltrate user credentials to Telegram bots or command-and-control servers. "The Telegram bot's history log revealed that the collected credentials were not limited to a single company. Instead, they spanned a wide range of business email addresses belonging to various brands and countries, all impacted by an ongoing email phishing campaign," said Group-IB researchers.
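The exfiltration to Telegram bots described above can be hunted for in web proxy logs. The following is an added detection example, not code from Group-IB or the article. It assumes the phishing page submits credentials from the victim's browser directly to the Telegram Bot API; the log format, hosts and token are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Telegram Bot API calls have the path shape /bot<id>:<secret>/<method>.
BOT_PATH = re.compile(r"^/bot\d+:[\w-]+/(\w+)$")
# Bot API methods that can carry submitted form data out to a chat.
SEND_METHODS = {"sendmessage", "senddocument"}

# Constructed sample log (assumed format: time client method url referer).
SAMPLE_LOG = """\
2024-01-01T09:00:01Z 10.0.0.5 GET https://www.example.com/index.html -
2024-01-01T09:00:07Z 10.0.0.5 POST https://api.telegram.org/bot000000000:PLACEHOLDER_TOKEN/sendMessage https://login.phish.example/sign-in
2024-01-01T09:01:12Z 10.0.0.9 GET https://api.telegram.org/bot000000000:PLACEHOLDER_TOKEN/getUpdates -
2024-01-01T09:02:30Z 10.0.0.7 POST https://api.telegram.org/bot000000000:PLACEHOLDER_TOKEN/sendDocument https://docs.phish.example/view
2024-01-01T09:03:00Z 10.0.0.8 POST https://api.telegram.org/bot000000000:PLACEHOLDER_TOKEN/sendMessage https://web.telegram.org/a/
"""

def parse_line(line):
    """Split one log line into fields; return None if it is malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    keys = ("time", "client", "method", "url", "referer")
    return dict(zip(keys, parts))

def is_telegram_exfil(entry):
    """True when a page outside Telegram triggers a Bot API send call."""
    url = urlsplit(entry["url"])
    if (url.hostname or "").lower() != "api.telegram.org":
        return False
    match = BOT_PATH.match(url.path)
    # Bot API method names are case-insensitive, so compare in lower case.
    if not match or match.group(1).lower() not in SEND_METHODS:
        return False
    # The Referer names the page that issued the request. It can be
    # stripped by referrer policy, so a missing value is not flagged here.
    ref_host = (urlsplit(entry["referer"]).hostname or "").lower()
    if not ref_host:
        return False
    return not (ref_host == "telegram.org" or ref_host.endswith(".telegram.org"))

def find_exfil(log_text):
    """Return (client, referring host) for every suspicious request."""
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return [(e["client"], urlsplit(e["referer"]).hostname)
            for e in entries if is_telegram_exfil(e)]

if __name__ == "__main__":
    for client, host in find_exfil(SAMPLE_LOG):
        print(f"{client} sent form data to a Telegram bot from {host}")
```

Each hit gives the affected client and the host serving the phishing page, which can then be blocked and searched for in mail logs.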
