Operators of a phishing campaign targeting the construction and energy sectors have revealed credentials stolen in attacks.
Check Point Research, in partnership with Otorio, published a blog post describing the campaign, in which stolen information was dumped on compromised WordPress domains.
The attack started with one of several fraudulent email templates, which mimicked Xerox/Xeros scan notifications by including the name or title of a target company employee in the subject line.
The detected phishing messages originated from a Linux server hosted on Microsoft Azure and were sent via PHP Mailer and 1&1 email servers.
The attack included an attached HTML file containing embedded JavaScript code that had one function: covert background checks for password usage. As soon as the entered credentials were verified, they would be harvested and users would be sent to legitimate login pages.
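A mail-triage sketch for the traits described above (scan-notification subject, PHP Mailer origin, HTML attachment with script and a password field), added here as an example and not taken from the Check Point/Otorio research. The regexes, indicator names, `triage` and `build_sample` helpers, and both sample messages are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Heuristics are assumptions for this example, not published indicators.
SUBJECT_RE = re.compile(r"\bxero[xs]\b.*\bscan", re.I)
SCRIPT_RE = re.compile(r"<script\b", re.I)
PASSWORD_RE = re.compile(r"<input\b[^>]*type\s*=\s*[\"']?password", re.I)
NETWORK_RE = re.compile(r"XMLHttpRequest|\bfetch\s*\(", re.I)

def triage(msg):
    """Return the names of the indicators that match a parsed message."""
    hits = []
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        hits.append("xerox-scan-subject")
    if "phpmailer" in str(msg.get("X-Mailer", "")).lower():
        hits.append("phpmailer-header")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        is_html = part.get_content_type() == "text/html" or name.endswith((".htm", ".html"))
        if not is_html or part.get_content_disposition() != "attachment":
            continue
        raw = part.get_payload(decode=True) or b""
        body = raw.decode(part.get_content_charset() or "utf-8", "replace")
        # A script plus a password field in an attached HTML file is the pattern
        # the article describes; a background request makes it stronger.
        if SCRIPT_RE.search(body) and PASSWORD_RE.search(body):
            hits.append("html-attachment-password-form")
            if NETWORK_RE.search(body):
                hits.append("html-attachment-background-request")
    return hits

def build_sample(subject, mailer, html):
    """Build a constructed test message with one HTML attachment."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["X-Mailer"] = mailer
    msg.set_content("Please see the attached document.")
    msg.add_attachment(html, subtype="html", filename="scan.html")
    return msg

# Constructed samples: collector.example is a placeholder host.
SUSPICIOUS = build_sample(
    "Xerox Scan for J. Doe (Site Manager)", "PHPMailer",
    "<form><input type='password'></form>"
    "<script>fetch('https://collector.example/check')</script>")
BENIGN = build_sample(
    "Monthly newsletter", "ExampleMailer", "<h1>News</h1><p>No forms here.</p>")

if __name__ == "__main__":
    print(triage(SUSPICIOUS), triage(BENIGN))
```

Any single indicator is weak on its own; scoring several together before quarantining keeps legitimate scanner notifications and PHPMailer-based applications from being flagged.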
Bluecerts once again sets a new example of the need for protection and vigilance for organizations and the average citizen. It is paramount that we adopt behaviors to protect ourselves and be aware of the various dangers to which we are exposed.