Anubis Networks Used in Phishing Campaign Against Brazil and Portugal

A large-scale phishing campaign has been spotted targeting internet end users in Brazil and Portugal by leveraging Anubis Network. The phishing campaign has been ongoing since March.

The phishing campaign

Hackers use Anubis Network as a C2 portal to control fake portals and steal credentials. The phishing campaign was first disclosed by Seguranca Informatica back in 2020. Here’s how it works.
  • This new version of the C2 portal adds a feature called email temp, which allows the operators to create new domains and use internal emails to control all the processes.
  • Anubis Network phishing campaigns are masked via the Cloudflare CDN. Operators easily make this configuration through an interface that uses the Cloudflare API to set up new DNS zones.

How does the campaign work?

The recent campaign consists of three key operating components:
  • A delivery mechanism to spread the landing page, which is usually performed using phishing and smishing.
  • A malicious landing page hosted on a cloud server with a user interface and a very similar layout to a real system.
  • A back-end operation that allows operators to manage the details of victims.

Conclusion

Phishing campaigns are now becoming more advanced and bypassing traditional security protection systems. Once again, email is one of the most effective cyber weapons to reach victims. Therefore, awareness training along with education on social engineering has become important.
Cyware Publisher
