A phishing campaign has been discovered that leverages brand names to trick victims into giving up Microsoft Office 365 credentials.
Office 365 has become a lucrative target for threat actors due to its increasing adoption by the corporate sector. The latest attack comprised of the attackers exploiting an Adobe Campaign redirection mechanism, using a Samsung domain to redirect targets to an Office 365 themed phishing website.
Please note that neither Samsung nor Adobe were compromised in the sense of exploiting a vulnerability. Samsung’s Adobe Campaign server was left accessible to manage campaigns that were not part of the organization’s marketing campaigns.
How did the attackers bypass security?
- Utilized an Oxford email server to send spam - bypassed sender reputation filters.
- Links in the email indicate towards high-reputation domain owned by Samsung.
- Too many redirects lead to a completely obfuscated phishing page.
The bottom line
Although the campaign was short-lived, the actors developed their redirection tactics to be independent of any particular domain and the Adobe Campaign servers. It is recommended that organizations use cloud and mail security measures to avert these types of attacks.