Pick your Poison - A Double-Edged Email Attack

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

A sophisticated cyber-attack campaign has been identified, combining phishing techniques targeting Office365 credentials with malware delivery. The attackers use a file deletion reminder as a pretext, exploiting a legitimate file-sharing service to appear more credible. Upon opening a shared PDF file, users are presented with two hyperlinks: 'Preview' leads to a fake Microsoft login page for credential theft, while 'Download' initiates the installation of ConnectWise RAT malware. The malware establishes persistence through system services and registry modifications. This dual-threat approach emphasizes the need for user vigilance and education in recognizing phishing attempts and suspicious emails.

OPENCTI LABELS:

phishing, social engineering, credential theft, remote access, connectwise rat, office365

