A recent report by Group-IB has exposed a highly advanced phishing campaign targeting employees from 30 companies across 15 jurisdictions. Using trusted domains and cutting-edge personalization techniques, attackers have bypassed Secure Email Gateways (SEGs) and exploited victims in critical sectors such as finance, government, aerospace, and energy.
Advanced Obfuscation and Multi-Layered Deception
The investigation, initiated in July 2024, uncovered the attackers’ use of:
- Over 200 phishing links hosted on legitimate platforms like Adobe’s InDesign cloud service and Google AMP.
- Techniques to bypass detection systems that typically block suspicious or unknown domains.
“Nine out of ten cyberattacks start with a phishing email, making it the most common entry point for threat actors,” the report emphasized.
Phishing Emails That Mimic Trusted Brands
The attackers used professionally designed phishing emails that impersonated well-known brands, including:
- DocuSign, prompting victims to sign fake contracts.
- Adobe-hosted links, disguising fraudulent login pages as critical documents.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents