Rewterz Threat Alert – Covid-19 Themed Malicious URLs
August 10, 2020
Rewterz Threat Alert – Homoglyph Attacks used in Phishing Campaign and Magecart Attacks
August 10, 2020
Severity
Medium
Analysis Summary
A series of ongoing business email compromise (BEC) campaigns that use spear-phishing schemes on Office 365 accounts has been seen targeting business executives of over 1,000 companies across the world since March 2020. The fraudsters, named “Water Nue,” primarily target the accounts of financial executives to obtain credentials for further financial fraud. The phishing emails redirect users to fake Office 365 login pages. Once the credentials are obtained and the accounts are compromised, emails containing invoice documents with tampered banking information are sent to subordinates in an attempt to siphon money through fund transfer requests.
Impact
- Credential Theft
- Financial Fraud
Indicators of Compromise
Domain Name
- takeusall[.]online
- highstreetmuch[.]xyz
URL
- https[:]//takeusall[.]online/benzz/gate[.]PHP
- https[:]//highstreetmuch[.]xyz/hug/gate[.]php
Remediation
- Block the threat indicators at their respective controls.
- Do not enter credentials when unintentionally redirected to a login page.
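One way to check web proxy logs for the indicators listed above before or after blocking them, as an added example that is not Rewterz's own code. The log format (`timestamp user url`), the sample lines and the case-insensitive path comparison are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Indicators copied from the alert above, kept defanged in source.
DEFANGED_DOMAINS = ["takeusall[.]online", "highstreetmuch[.]xyz"]
DEFANGED_URLS = [
    "https[:]//takeusall[.]online/benzz/gate[.]PHP",
    "https[:]//highstreetmuch[.]xyz/hug/gate[.]php",
]

def refang(indicator):
    """Undo [.] / [:] defanging; lowercase so gate[.]PHP and gate.php compare equal."""
    return indicator.replace("[.]", ".").replace("[:]", ":").strip().lower()

BLOCKED_DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}
BLOCKED_URLS = {(p.hostname, p.path) for p in (urlsplit(refang(u)) for u in DEFANGED_URLS)}

def classify(url):
    """Return 'url' for an exact host+path indicator, 'domain' for a host match, else None."""
    parts = urlsplit(url.strip().lower())
    host = (parts.hostname or "").rstrip(".")
    if (host, parts.path) in BLOCKED_URLS:
        return "url"
    # Match the domain and its subdomains, but not look-alike suffixes.
    if any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
        return "domain"
    return None

def scan(log_lines):
    """Return (line_number, user, match_type) for each line that hits an indicator."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that are not "timestamp user url"
        match = classify(fields[2])
        if match:
            hits.append((number, fields[1], match))
    return hits

# Constructed sample proxy log (assumed format: timestamp user url).
SAMPLE_LOG = [
    "2020-08-10T09:12:01Z alice " + refang(DEFANGED_URLS[0]) + "?id=1",
    "2020-08-10T09:13:40Z bob https://login." + refang(DEFANGED_DOMAINS[1]) + "/",
    "2020-08-10T09:14:05Z carol https://not" + refang(DEFANGED_DOMAINS[1]) + "/hug/gate.php",
    "2020-08-10T09:15:22Z dave https://example.com/index.html",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A `url` hit means the user's browser requested one of the listed `gate` endpoints, so that account's Office 365 credentials should be treated as a priority for review; a `domain` hit covers any other path or subdomain on the listed domains.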