| Key Detail | Description |
|---|---|
| Threat Actors | Financially motivated attackers targeting telecommunications and financial sectors. |
| Campaign Overview | Phishing campaign leveraging Google Docs and Weebly to target telecom and financial sectors, focusing on stealing credentials via fake login pages. |
| Target Regions (Or Victims) | Telecommunications and financial sectors in the U.S., Canada, and Europe. Victims include telecom and financial institution employees. |
| Methodology | Attackers used Google Docs to deliver phishing links that led victims to Weebly-hosted fake login pages, and used dynamic DNS for subdomain rotation. |
| Product Targeted | Telecom and financial institution login pages, with tailored lures for brands like AT&T and a US-based financial institution. |
| Malware Reference | Not mentioned. |
| Tools Used | Google Docs, Weebly, dynamic DNS, Sentry.io, Datadog, Snowplow Analytics, Google Analytics. |
| Vulnerabilities Exploited | Phishing via trusted platforms, MFA bypass, credential theft. |
| TTPs | Phishing links, fake MFA prompts, dynamic DNS for evasion, tracking tools embedded in phishing pages. |
| Attribution | Financially motivated threat actors, specific attribution unclear. |
| Recommendations | Enhance email filtering for cloud documents, implement proactive DNS monitoring, enforce strong MFA, and improve phishing detection systems. |
| Source | EclecticIQ |

Read full article: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors

Disclaimer: The above summary has been generated by an AI language model.