Microsoft has issued a warning for Microsoft clients regarding a phishing attack that is doing the rounds. The warning was issued by Microsoft's Threat Intelligence Center (MSTIC). The phishing attack, called SEABORGIUM, targets Microsoft's clients posing as security experts from Microsoft via email. Although this phishing scheme, which originated in Russia has been present since 2017, it has recently popped up again, targeting a number of people before it was red-flagged by Microsoft's Threat Intelligence Center.
In this phishing scheme, the threat actor targets the same organization slowly over a long period of time. According to Microsoft, once it is successful, it slowly infiltrates targeted organizations' social networks through constant impersonation, rapport building, and phishing to deepen their intrusion. It builds rapport and develops trust with the target organization.
The threat actors use numerous emails impersonating real employees of Microsoft. The company says that the SEABORGIUM actor delivers malicious URLs directly in an email or via attachments as you can see below, often imitating hosting services like Microsoft's own OneDrive.
A phishing kit known as EvilGinx is used to steal the victim's personal and financial information. A phishing portal is designed which looks exactly like the Microsoft's to fool victims into entering their login credentials.
Microsoft has explained that, “In limited cases, SEABORGIUM has been observed setting up forwarding rules from victim inboxes to actor-controlled dead drop accounts where the actor has long-term access to collected data. On more than one occasion, we have observed that the actors were able to access mailing-list data of sensitive groups, such as those
Read more on tech.hindustantimes.com