Phishing Attacks Getting Sophisticated, Corporate Executives Hacked

According to a report by Group-IB Threat Intelligence, executives from more than 150 companies have been the targets of spear-phishing attacks. These companies mainly operate in the real estate, finance, and law sectors. The cyberattack campaign has been codenamed PerSwaysion because of its extensive use of Microsoft Sway.

What is PerSwaysion?

PerSwaysion is a cybercrime campaign that has been in operation since 2019, in the form of highly targeted phishing attacks. These attacks use spear-phishing techniques to compromise targeted executives. The financial sector has been hit the hardest, with more than 50% of the targeted executives belonging to the sector.

How PerSwaysion works


  • An email is sent to the victims, with a PDF file with minimal content, as an attachment. Upon opening the file, the victims are asked to click on a link to view the actual content.
  • Victims are then redirected to a Microsoft Sway page where they are again asked to click on another link.
  • The last link redirects the victim to a fake Microsoft Outlook page, where the credentials are then collected by the hackers.
  • After collecting the credentials, the attackers create a PDF file containing the data of the victim and send it to new people from external organizations.
  • Once the attackers send out a campaign from a compromised account, they delete all the impersonating emails to avoid being identified.
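
The send-then-delete behaviour in the last step leaves a trace in mailbox audit data. The following added example (not from the Group-IB report or this article's source) flags accounts that send PDF attachments to several external recipients and then delete those same messages shortly afterwards; the event schema, field names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema (not a real
# mail-audit format); map your own audit log fields onto it.
SAMPLE_EVENTS = [
    {"ts": "2020-04-30T09:00:00", "user": "cfo@corp.example", "op": "Send", "msg_id": "m1",
     "recipients": ["a@law.example"], "attachments": ["statement.pdf"]},
    {"ts": "2020-04-30T09:00:20", "user": "cfo@corp.example", "op": "Send", "msg_id": "m2",
     "recipients": ["b@bank.example", "c@realty.example"], "attachments": ["statement.pdf"]},
    {"ts": "2020-04-30T09:05:00", "user": "cfo@corp.example", "op": "Delete", "msg_id": "m1"},
    {"ts": "2020-04-30T09:05:02", "user": "cfo@corp.example", "op": "Delete", "msg_id": "m2"},
    {"ts": "2020-04-30T10:00:00", "user": "hr@corp.example", "op": "Send", "msg_id": "m3",
     "recipients": ["d@vendor.example"], "attachments": ["offer.pdf"]},
    {"ts": "2020-04-30T10:30:00", "user": "hr@corp.example", "op": "Delete", "msg_id": "m9"},
]


def find_send_then_purge(events, org_domain, min_external=3, window=timedelta(minutes=30)):
    """Return {user: sorted external recipients} for accounts that sent PDF
    attachments to external recipients and then deleted those same messages."""
    sent = {}                  # (user, msg_id) -> (send time, external recipients)
    purged = defaultdict(set)  # user -> external recipients of deleted PDF mails
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["msg_id"])
        when = datetime.fromisoformat(ev["ts"])
        if ev["op"] == "Send":
            has_pdf = any(n.lower().endswith(".pdf") for n in ev.get("attachments", []))
            external = {r.lower() for r in ev.get("recipients", [])
                        if not r.lower().endswith("@" + org_domain)}
            if has_pdf and external:
                sent[key] = (when, external)
        elif ev["op"] == "Delete" and key in sent:
            sent_at, external = sent.pop(key)
            # Only count deletions that follow the send closely.
            if when - sent_at <= window:
                purged[ev["user"]] |= external
    return {u: sorted(r) for u, r in purged.items() if len(r) >= min_external}


if __name__ == "__main__":
    for user, recipients in find_send_then_purge(SAMPLE_EVENTS, "corp.example").items():
        print(f"review {user}: PDF mail to {len(recipients)} external recipients, then deleted")
```

A hit is a lead for review, not proof of compromise; tune `min_external` and `window` to the organization's normal mail patterns.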

About the threat actors


  • Security researchers believe the attack campaign is orchestrated by scammers from South Africa and Vietnamese-speaking developers.
  • According to the evidence collected by researchers, the scammers created LinkedIn profiles to collect data on their potential victims.

In essence

Cyber risk management is pretty challenging, owing to the proliferation of cloud-based services. An effective cloud security strategy should consist of incident response, early prevention, and anomaly detection. Moreover, two-factor authentication (2FA) should be made mandatory to avoid theft of credentials or hijacking of employee accounts.