How a Team of Hackers left Stolen Phishing Credentials up for Grabs

In August, attackers initiated a phishing campaign with emails that masqueraded as Xerox scan notifications, prompting users to open a malicious HTML attachment. While this infection chain may sound simple, it successfully bypassed Microsoft Office 365 Advanced Threat Protection (ATP) filtering and stole over a thousand corporate employees’ credentials. The attackers behind the campaign exposed the credentials they had stolen to the public Internet, across dozens of drop-zone servers used by the attackers. With a simple Google search, anyone could have found the password to one of the compromised email addresses: a gift to every opportunistic attacker.

image
Check Point Software Hacker Noon profile picture

@checkpointCheck Point Software

Welcome to the Future of Cyber Security. Providing solutions across all vectors to prevent 5th generation cyber attacks.

by Check Point Software @checkpoint. Welcome to the Future of Cyber Security. Providing solutions across all vectors to prevent 5th generation cyber attacks.Visit us

Tags

Join Hacker Noon

Create your free account to unlock your custom reading experience.



How a Team of Hackers left Stolen Phishing Credentials up for Grabs
Source: Pinay Tube PH

Post a Comment

0 Comments