According to reports, a total of 156 top company executives have been successfully hacked in the ‘PerSwaysion Campaign’, a coordinated email phishing attack. The victims were allegedly staff of companies spread across Germany, the UK, the Netherlands, Hong Kong, and Singapore.
The Hacker News’ report revealed that the group of hackers took advantage of Microsoft file-sharing services such as Sway, SharePoint, and OneNote.
This hacking campaign is known as PerSwaysion and its targets are the top employees of finance, law, and real estate firms. Group-IB, a technology intelligence group, provided a detailed description of how the hacking worked.
In its blog post titled, “PerSwaysion Campaign Playbook of Microsoft Document Sharing-Based Phishing Attack”, the intelligence group said:
“The PerSwaysion campaign adopts multiple tactics and techniques to avoid traffic detection and automated threat intelligence gathering:
“Whitewashing techniques: Using legit file sharing sites as jumping board; Using web application hosting from reputable vendors such as Google’s AppSpot and IBM’s MyBlueMix
“Counter-intelligence methods: Randomizing malicious JS file names; Fingerprinting victim browsers and rejecting repeated visits.”
In addition, the blog post mentioned about 20 Office365 accounts of executives, presidents, and managing directors of companies. This is not all that Feixiang He, the Senior Threat Intelligence Analyst at Group-IB, revealed.
He also mentioned the suspected origins of the scammers after linking the names used to other known threat actors. Feixiang He wrote:
“With Group-IB’s threat actor profiling system, the team is able to attribute anuanuanuoluwa@gmail[.]com to a group of active scammers in Nigeria and South Africa whose main personnel goes by the name Sam.”
Group-IB also provided a diagram that links the email address to a TECNO phone and a post on Nairaland Forum. The diagram also showed that a South African hacker was part of the hacking team.
There is also a likelihood that a Vietnamese hacker was part of the team running the PerSwaysion hacking campaign. Group-IB provides a list of emails that the hackers used during the operation.
You can also use this page to check if your email was compromised.