Financially Motivated Threat Actor Leveraged Google Docs and Weebly Services
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A phishing campaign targeting telecommunications and financial sectors was identified in late October 2024. The attackers used Google Docs to deliver phishing links, redirecting victims to fake login pages hosted on Weebly. This method bypassed standard email filters and endpoint protections by leveraging trusted platforms. The campaign primarily targeted telecom and financial sectors with customized lures, including AT&T-themed pages and financial institution pages for US and Canadian users. The attackers used dynamic DNS for subdomain rotation and incorporated legitimate tracking tools like Sentry.io and Datadog to monitor phishing page metrics. They also employed fake multi-factor authentication prompts to enhance the appearance of authenticity and increase the chances of success.
OPENCTI LABELS :
phishing,mfa bypass,sim swapping,financial sector,telecom,google docs,tracking tools,weebly
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Financially Motivated Threat Actor Leveraged Google Docs and Weebly Services