Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations
Briefly

"The phishing emails purport to be internal regulatory or compliance messages, with display names such as 'Team Conduct Report', 'Workforce Communications', and 'Internal Regulatory COC', and subject lines such as 'Reminder: employer opened a non-compliance case log'."
"Analysis of the sending infrastructure indicated that the campaign emails were sent using a legitimate email delivery service, likely originating from a cloud-hosted Windows virtual machine."
"The recipient is instructed to open a personalized attachment to review case materials. The attachments are PDF documents titled 'Awareness Case Log File' or 'Disciplinary Action' that direct the user to click the 'Review Case Materials' link within the document."
"When the link is clicked, the user is taken to a Cloudflare CAPTCHA page, which Microsoft believes serves as a gating mechanism against automated analysis."
A sophisticated phishing campaign has been identified, comprising over 35,000 phishing attempts against 13,000 organizations in 26 countries, primarily in the US. The emails mimic internal regulatory or compliance messages, using deceptive display names and subject lines. Victims are prompted to open malicious PDF attachments whose link leads to a CAPTCHA page, which in turn directs them to a site requesting email sign-in credentials. The campaign uses a legitimate email delivery service and attacker-controlled domains to lend the messages credibility.
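As an added defender-side example (not code from Microsoft or SecurityWeek), the following triage function scores a message against the lure pattern quoted above: the listed display names, the "non-compliance case log" subject, the two PDF titles, and the "Review Case Materials" link text. The `Email` and `Attachment` structures, the `internal_domains` set, and the assumption that link text has already been extracted from the PDF by some other tool are all mine.

```python
import re
from dataclasses import dataclass

# Lure indicators quoted in the report above; the variable names are my own.
LURE_DISPLAY_NAMES = {"team conduct report", "workforce communications", "internal regulatory coc"}
LURE_SUBJECT = re.compile(r"non-compliance case log", re.IGNORECASE)
LURE_PDF_TITLES = {"awareness case log file", "disciplinary action"}
LURE_LINK_TEXT = "review case materials"


@dataclass
class Attachment:
    filename: str
    link_texts: list  # anchor texts already extracted from the PDF (assumed done elsewhere)


@dataclass
class Email:
    display_name: str
    sender_domain: str  # domain of the From/envelope sender
    subject: str
    attachments: list


def triage(email, internal_domains):
    """Score one message against the campaign's lure pattern; returns (score, reasons)."""
    reasons = []
    name = email.display_name.strip().lower()
    if name in LURE_DISPLAY_NAMES:
        reasons.append("display name matches a known lure")
        # A compliance notice claiming to be internal should not arrive from an external domain
        if email.sender_domain.lower() not in internal_domains:
            reasons.append("internal-sounding display name but external sender domain")
    if LURE_SUBJECT.search(email.subject):
        reasons.append("subject references a non-compliance case log")
    for att in email.attachments:
        stem, _, ext = att.filename.lower().rpartition(".")
        if ext == "pdf" and stem.strip() in LURE_PDF_TITLES:
            reasons.append(f"PDF title matches a known lure: {att.filename}")
        if any(LURE_LINK_TEXT in text.lower() for text in att.link_texts):
            reasons.append(f"attachment contains a '{LURE_LINK_TEXT}' link")
    return len(reasons), reasons


def should_escalate(email, internal_domains, threshold=2):
    """Two independent lure indicators are enough to pull the message for analyst review."""
    return triage(email, internal_domains)[0] >= threshold
```

Any single indicator can occur in legitimate HR mail, so the threshold deliberately requires two before a message is held.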
Read at SecurityWeek