Rewterz

Rewterz Threat Alert – TA505 APT Group Phishing Campaign

June 3, 2019
Rewterz

Rewterz Threat Advisory – CVE-2018-16871 – Linux Kernel “nfsd4_verify_copy()” Vulnerability

June 3, 2019

Rewterz Threat Alert – Outlook Web Mail Phishing Email Asks Targets to Manage Undelivered Email

Severity

Medium

Analysis Summary

A new phishing campaign is underway that pretends to be a list undelivered email being held for you on your Outlook Web Mail service. Users are then prompted to decide what they wish to do with each mail, with the respective links leading to a fake login form.

What we have usually seen in the phishing campaigns is the account cancellation notices or high volume of file deletions.

Office 365 Phishing Email

The phishing email then prompts you to choose whether you want to  delete all of the emails, deny them, allow them to be delivered, or to whitelist them for the future. Regardless of the link you click on , you will be brought to a fake “Outlook Web App” landing page that asks you to enter your login credentials.

Phishing Scam Landing Page

Once you enter your credentials, the page will save them so that they can be retrieved by the scammer at a later date.

Impact

  • Credential theft
  • Loss of sensitive information

Remediation

  • Always be suspicious about emails sent by unknown senders
  • Never click on the link/ attachments sent by unknown senders

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.