Microsoft has revealed details of a deceptive year-long social engineering campaign in which the operators changed their obfuscation and encryption mechanisms every 37 days on average, including using Morse code, in an attempt to hide their tracks and steal user credentials.
One of numerous tactics employed by the hackers, whom Microsoft did not name, to disguise harmful software was Morse code, a means of encoding characters with dots and dashes popularised by telegraph technology. It serves as a reminder that, despite their complexity, modern offensive and defensive cyber measures are generally based on the simple principle of hiding and cracking code.
The phishing attempts take the shape of invoice-themed lures that imitate financial-related business transactions, with an HTML file (“XLS.HTML”) attached to the emails. The ultimate goal is to collect usernames and passwords, which are then utilized as an initial point of access for subsequent infiltration attempts.
The attachment was compared to a “jigsaw puzzle” by Microsoft, who explained that individual pieces of the HTML file are designed to appear innocuous and slip by the endpoint security software, only to expose their true colors when decoded and joined together. The hackers that carried out the attack were not identified by the company.
“This phishing campaign exemplifies the modern email threat: sophisticated, evasive, and relentlessly evolving,” the Microsoft 365 Defender Threat Intelligence Team said in an analysis. “On their own, the individual segments of the HTML file may appear harmless at the code level and may thus slip past conventional security solutions.”
When the attachment is opened, a counterfeit Microsoft Office 365 credentials dialogue box appears on top of a blurred Excel document in a browser window. The dialogue box displays a message asking recipients to sign in again because their access to the Excel document has allegedly expired. When a user types in a password, the user is told that the password is incorrect, while the malicious page stealthily collects the credentials in the background. Since its discovery in July 2020, the campaign is reported to have gone through ten iterations, with the adversary occasionally changing its encoding methods to hide the harmful nature of the HTML attachment and the many attack segments contained within the file.
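To illustrate the "jigsaw" described above from the defender's side, the following added example (not code from Microsoft's analysis) scans an HTML attachment for runs of Morse-encoded text, decodes and joins the segments, and flags decoded keywords that indicate a credential-harvesting form. The sample attachment and the keyword list are constructed assumptions for the demonstration.

```python
import re
from typing import List, Tuple

# International Morse table (letters and digits); unknown groups decode to "?".
MORSE = {
    ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
    "--.": "G", "....": "H", "..": "I", ".---": "J", "-.-": "K", ".-..": "L",
    "--": "M", "-.": "N", "---": "O", ".--.": "P", "--.-": "Q", ".-.": "R",
    "...": "S", "-": "T", "..-": "U", "...-": "V", ".--": "W", "-..-": "X",
    "-.--": "Y", "--..": "Z", "-----": "0", ".----": "1", "..---": "2",
    "...--": "3", "....-": "4", ".....": "5", "-....": "6", "--...": "7",
    "---..": "8", "----.": "9",
}

# At least four Morse letter groups separated by spaces (letters) or " / " (words).
MORSE_RUN = re.compile(r"[.\-]{1,5}(?:[ /]+[.\-]{1,5}){3,}")

# Decoded words that suggest a login/credential form (assumed indicator list).
SUSPICIOUS = ("PASSWORD", "SUBMIT", "SCRIPT", "LOGIN", "HTTP")

# Constructed sample: an HTML attachment whose script holds Morse-encoded pieces.
SAMPLE_HTML = """<html><body><script>
var s1 = ".--. .- ... ... .-- --- .-. -..";
var s2 = "..-. --- .-. -- / ... ..- -... -- .. -";
var s3 = "-... .-.. ..- .-. .-. . -.. / . -..- -.-. . .-..";
document.write(decode(s1 + s2 + s3));
</script></body></html>"""


def decode_morse(run: str) -> str:
    """Decode one Morse run; '/' separates words, whitespace separates letters."""
    words = []
    for word in re.split(r"\s*/\s*", run.strip()):
        words.append("".join(MORSE.get(sym, "?") for sym in word.split()))
    return " ".join(words)


def extract_segments(html: str) -> List[str]:
    """Find every Morse run in the attachment and decode it, in document order."""
    return [decode_morse(m) for m in MORSE_RUN.findall(html)]


def assess(html: str) -> Tuple[List[str], List[str]]:
    """Join the decoded segments and report which indicator keywords appear."""
    segments = extract_segments(html)
    joined = " ".join(segments)
    return segments, sorted(k for k in SUSPICIOUS if k in joined)
```

Each segment on its own is just a string of dots and dashes, which is why byte-level signatures miss it; decoding and concatenating them restores the content a detection rule can reason about.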
According to Christian Seifert, lead research manager at Microsoft’s M365 Security unit, the hackers have yet to be linked to a known group. “We believe it is one of the many cybercrime groups that defraud victims for profit,” Seifert said.
Source: https://www.ehackingnews.com/2021/08/phishing-attackers-spotted-using-morse.html