Phishing Attacks Getting Sophisticated, Corporate Executives Hacked
As per a report by Group-IB Threat Intelligence, executives from more than 150 companies have been the targets of spear-phishing attacks. These companies mainly operate in real estate, finance, and law sectors. The cyberattack campaign has been codenamed PerSwaysion due to the extensive usage of Microsoft Sway.
What is PerSwaysion?
How PerSwaysion works
- An email is sent to the victims, with a PDF file with minimal content, as an attachment. Upon opening the file, the victims are asked to click on a link to view the actual content.
- Victims are then redirected to a Microsoft Sway page where they are again asked to click on another link.
- The last link redirects the victim to a dummy Microsoft Outlook page, where the credentials are then collected by the hackers.
- After collecting the credentials, they create a PDF file containing the data of the victim and send it to new people from external organizations.
- Once the attackers send out a campaign from a compromised account, they delete all the impersonating emails to avoid being identified.
About the threat actors
- Security researchers believe the attack campaign to be orchestrated by scammers from South Africa and Vietnamese-speaking developers.
- According to the evidence collected by researchers, the scammers created LinkedIn profiles to collect data on their potential victims.