Microsoft has revealed details of a deceptive year-long social engineering campaign in which the operators changed their obfuscation and encryption mechanisms every 37 days on average, including using Morse code, in an attempt to hide their tracks and steal user credentials.
One of the numerous tactics the hackers, whom Microsoft did not name, used to disguise the malicious code was Morse code, a way of encoding characters as dots and dashes that was popularised by telegraphy. It serves as a reminder that, despite their complexity, modern offensive and defensive cyber measures generally rest on the simple principle of hiding and uncovering code.
The phishing attempts take the shape of invoice-themed lures that imitate financial-related business transactions, with an HTML file (“XLS.HTML”) attached to the emails. The ultimate goal is to collect usernames and passwords, which are then utilized as an initial point of access for subsequent infiltration attempts.
The attachment was compared to a “jigsaw puzzle” by Microsoft, who explained that individual pieces of the HTML file are designed to appear innocuous and slip by the endpoint security software, only to expose their true colors when decoded and joined together. The hackers that carried out the attack were not identified by the company.
“This phishing campaign exemplifies the modern email threat: sophisticated, evasive, and relentlessly evolving,” the Microsoft 365 Defender Threat Intelligence Team said in an analysis. “On their own, the individual segments of the HTML file may appear harmless at the code level and may thus slip past conventional security solutions.”
When the attachment is opened, a counterfeit Microsoft Office 365 credentials dialogue box appears on top of a blurred Excel document in a browser window. The dialogue box asks the recipient to sign in again because their access to the Excel document has allegedly expired. When the user types in a password, they are told it is incorrect, while the malicious code quietly sends the credentials off in the background. Since its discovery in July 2020, the campaign is reported to have gone through ten iterations, with the adversary periodically changing its encoding methods to hide the harmful nature of the HTML attachment and the many attack segments contained within the file.
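The "jigsaw puzzle" described above only becomes visible once the encoded pieces are decoded and joined. The following Python script is an added example (not Microsoft's tooling or anything from the article) of how an analyst might triage such an HTML attachment offline: it finds runs of dots and dashes, decodes them as International Morse code, and flags any decoded segment that mentions credential-harvesting indicators. It assumes a simplified scheme in which letters are separated by spaces and words by "/", and the sample attachment embedded in the script is constructed for the demonstration, not taken from the real campaign.

```python
import re

# International Morse table for letters, digits and the few punctuation marks a
# URL needs. Assumed to be enough for triage; unknown symbols decode to "?".
MORSE_TO_CHAR = {
    '.-': 'a', '-...': 'b', '-.-.': 'c', '-..': 'd', '.': 'e', '..-.': 'f',
    '--.': 'g', '....': 'h', '..': 'i', '.---': 'j', '-.-': 'k', '.-..': 'l',
    '--': 'm', '-.': 'n', '---': 'o', '.--.': 'p', '--.-': 'q', '.-.': 'r',
    '...': 's', '-': 't', '..-': 'u', '...-': 'v', '.--': 'w', '-..-': 'x',
    '-.--': 'y', '--..': 'z',
    '-----': '0', '.----': '1', '..---': '2', '...--': '3', '....-': '4',
    '.....': '5', '-....': '6', '--...': '7', '---..': '8', '----.': '9',
    '---...': ':', '-..-.': '/', '.-.-.-': '.',
}

# A "run" is at least four Morse symbols separated by whitespace, with an
# optional "/" word separator between them. Short runs (e.g. "..." in prose)
# are deliberately ignored to keep false positives down.
MORSE_RUN = re.compile(r"[.\-]{1,6}(?:\s+(?:/\s+)?[.\-]{1,6}){3,}")

# Words an analyst would expect in a credential-phishing payload (assumed list).
CREDENTIAL_INDICATORS = ("password", "passwd", "login", "credential", "post", "http")

# Constructed sample attachment: one script variable holds a Morse-encoded
# segment. This is illustrative data, not the campaign's real attachment.
SAMPLE_HTML = """<html><body>
<p>Your invoice is attached. Please sign in to view.</p>
<script>
// segment hidden as Morse code (constructed for this example)
var seg = ".--. .- ... ... .-- --- .-. -.. / ..-. --- .-. -- / .--. --- ... - / .... - - .--. ... ---... -..-. -..-. . -..- .- -- .--. .-.. . .-.-.- -.-. --- --";
</script>
</body></html>"""


def decode_morse(run: str) -> str:
    """Decode a Morse run: letters separated by whitespace, words by '/'."""
    words = []
    for word in re.split(r"\s*/\s*", run.strip()):
        letters = [MORSE_TO_CHAR.get(sym, '?') for sym in word.split()]
        words.append(''.join(letters))
    return ' '.join(words)


def find_morse_segments(html: str) -> list:
    """Return every run of Morse symbols found in the attachment text."""
    return [m.group(0) for m in MORSE_RUN.finditer(html)]


def triage_attachment(html: str) -> list:
    """Decode each Morse run and report those containing credential indicators.

    Returns a list of (decoded_text, matched_indicators) tuples so the analyst
    sees both the reassembled segment and why it was flagged.
    """
    findings = []
    for run in find_morse_segments(html):
        decoded = decode_morse(run)
        hits = [kw for kw in CREDENTIAL_INDICATORS if kw in decoded.lower()]
        if hits:
            findings.append((decoded, hits))
    return findings


if __name__ == "__main__":
    for decoded, hits in triage_attachment(SAMPLE_HTML):
        print(f"FLAGGED ({', '.join(hits)}): {decoded}")
```

Run against the embedded sample, the script decodes the hidden segment to `password form post https://example.com` and flags it on the `password`, `post` and `http` indicators. In practice the same decode-then-inspect step would be applied to whatever encoding the current iteration of the attachment uses, since the article's point is that the individual encoded pieces look harmless until they are reassembled.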
According to Christian Seifert, lead research manager at Microsoft’s M365 Security unit, the hackers have yet to be linked to a known group. “We believe it is one of the many cybercrime groups that defraud victims for profit,” Seifert said.
Source: https://www.ehackingnews.com/2021/08/phishing-attackers-spotted-using-morse.html