Inside the incident: Uncovering an advanced phishing attack
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A sophisticated phishing campaign targeted a U.K.-based insurance company, using the compromised email account of the CEO of a major shipping company. The attack involved a malicious PDF link hosted on AWS, which led to a fake Microsoft authentication page. The threat actor used tactics such as deletion rules, trusted sender addresses, and legitimate platforms to evade detection. The "Russian nesting dolls" method was used, embedding multiple links to obscure the final phishing site. Swift action by the security team limited the attacker's success to creating a deletion rule. The incident was part of a broader campaign targeting multiple companies, highlighting the need for enhanced user awareness and technical measures to combat increasingly sophisticated phishing attempts.
OPENCTI LABELS:
phishing, social engineering, credential theft, account takeover, email security