[threat-actors] Add Storm-0835

This commit is contained in:
Mathieu4141 2024-02-01 11:02:05 -08:00
parent 1589a943a9
commit a42dc67fb6

View file

@ -14707,6 +14707,16 @@
}, },
"uuid": "eb7b5ed7-cf9d-4c72-8f89-a2ee070b89b6", "uuid": "eb7b5ed7-cf9d-4c72-8f89-a2ee070b89b6",
"value": "Storm-1674" "value": "Storm-1674"
},
{
"description": "Cybercriminals have launched a phishing campaign targeting senior executives in U.S. firms, using the EvilProxy phishing toolkit for credential harvesting and account takeover attacks. This campaign, initiated in July 2023, primarily targets sectors such as banking, financial services, insurance, property management, real estate, and manufacturing. The attackers exploit an open redirection vulnerability on the job search platform \"indeed.com,\" redirecting victims to malicious phishing pages impersonating Microsoft. EvilProxy functions as a reverse proxy, intercepting credentials, two-factor authentication codes, and session cookies to hijack accounts. The threat actors, known as Storm-0835 by Microsoft, have hundreds of customers who pay monthly fees for their services, making attribution difficult. The attacks involve sending phishing emails with deceptive links to Indeed, redirecting victims to EvilProxy pages for credential harvesting.",
"meta": {
"refs": [
"https://www.linkedin.com/pulse/cyber-criminals-using-evilproxy-phishing-kit-target-senior-soral/"
]
},
"uuid": "2da09284-be56-49cd-ad18-993a6eb17af2",
"value": "Storm-0835"
} }
], ],
"version": 298 "version": 298