The new phishing campaign is aimed at American organizations in the military and defense sector, in security software, and in production supply chains, healthcare and pharmaceuticals. The attackers are targeting Microsoft Office 365 and Outlook corporate credentials.
According to researchers from Zscaler, the new campaign uses tactics and methods similar to those of another campaign discovered in mid-2020.
The attackers send their messages through mail services in Japan and spoof the sender's address, pretending to be employees of the victim company.
Headers of scam emails
The message used in the phishing campaign
The URL format is designed to give the impression that the site is an official subdomain of the company.
The process of generating a domain name
Before reaching the site, the victim passes a CAPTCHA check, which actually serves to bypass anti-phishing systems. As soon as users pass this stage, they are redirected to the actual phishing page, which steals Microsoft Office 365 accounts.
The final phishing page
However, attentive users may notice that the domain of the login page does not belong to Microsoft and looks like this:
That is why, before entering a username and password, users should always check which site they are on, so as not to send data to intruders.
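The domain check described above can also be automated, for example in a mail gateway or proxy rule. The following is an added example, not code from Zscaler or from the original article; the trusted-domain list, the brand strings and the sample URLs (including the fictitious company domain `acme.example`) are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains the organization really signs in on (illustrative, not complete).
TRUSTED = {"acme.example", "login.microsoftonline.com", "microsoft.com", "office.com"}
# Assumption: brand strings a phishing host would embed to look official.
BRANDS = {"acme", "microsoft", "office365", "outlook"}

def host_of(url):
    """Lowercase hostname of a URL, without port, userinfo or trailing dot."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return host.rstrip(".").lower()

def is_trusted(host):
    """True only for a trusted domain itself or a real subdomain of it.
    The leading dot matters: 'notacme.example' must not match 'acme.example'."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def classify(url):
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a sign-in URL."""
    host = host_of(url)
    if not host:
        return "invalid"
    if is_trusted(host):
        return "trusted"
    # Flatten separators so a brand split by dots or hyphens is still found.
    flat = host.replace("-", "").replace(".", "")
    if any(b in flat for b in BRANDS):
        return "lookalike"  # brand name present, but host is not under a trusted domain
    return "unknown"

# Constructed sample URLs.
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2",
    "https://outlook.acme.example/owa",
    "https://acme.example.mail-check.test/login",  # company domain used as a prefix
    "https://notacme.example/",                    # suffix look-alike
    "https://news.example.org/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):10} {u}")
```

A `lookalike` result means the host carries the brand name without belonging to a domain the organization trusts, which is the condition the article asks users to check by eye.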