Suggestions

Subscribe
Dark
Light

March 2024 saw 5 significant phishing campaigns

1 min read
92 views
April 3, 2024
by

TLDR:

  • March 2024 saw notable phishing campaigns targeting victims with new tactics.
  • Criminals used social engineering, fake login pages, geo-specific targeting, AWS, and legitimate services like TikTok and Google AMP.

In March 2024, several major phishing campaigns caught the attention of security experts with their innovative tactics and approaches. These campaigns targeted unsuspecting victims using a variety of methods:

Attack Using SmbServer to Steal Victims’ Credentials

At the beginning of the month, an attack likely carried out by the infamous TA577 threat actor targeted victims’ credentials through a social engineering email with a weaponized HTML file. The victim’s data, including IP address, NTLM challenge data, username, and computer name, was stolen using impacket-smbserver via the SMB protocol.

Attack Utilizing Fake MS Outlook Login Pages

Another phishing campaign combined a Telegram bot with phishing pages hosted on Cloudflare Workers to steal user login credentials by mimicking MS Outlook login pages using base64 encoded images and familiar JavaScript libraries.

Attack Targeting Users in Latin America

A geo-specific campaign targeted victims in the LATAM region by impersonating Colombian government agencies in spam emails accompanied by PDFs accusing recipients of traffic violations or legal issues. The attack involved the delivery of remote access trojans (RATs) like AsyncRAT, NjRAT, and Remcos.

Attack Abusing AWS to Drop STRRAT

This phishing campaign used legitimate services like AWS and Github to store and deliver malware payloads, encouraging victims to verify payment information and download malicious JAR files disguised as payment invoices.

Attack Exploiting TikTok and Google AMP Phishing Page

The latest phishing campaign on the list employed a chain of legitimate services starting from TikTok and ending with Cloudflare to host phishing pages that tricked users into entering their credentials. The campaign featured a complex redirect chain and encrypted code elements to steal victims’ data.

Overall, these phishing campaigns in March 2024 showcased the evolving tactics of cybercriminals and highlighted the importance of staying vigilant and informed to protect against such attacks.

Post Views: 92

Priya Patel

Previous Story

Cybersecurity transforming with Generative AI

Next Story

Cal Poly’s new program boosts cybersecurity workforce development efforts

Latest from News

August 2024: 36 Cybersecurity M&A Deals Unveiled

“`html TLDR: Key Points: 36 cybersecurity-related M&A deals announced in August 2024 Major deals include Ark-Vantyr, Check Point-Cyberint, Cisco-Robust Intelligence, DigiCert-Vercara, EQT-Acronis Summary: Thirty-six