Manufacturing Sector Under Fire From Microsoft Credential Thieves

  /     /     /  
Publicated : 23/11/2024   Category : security

Manufacturing Sector Under Fire From Microsoft Credential Thieves


The emails impersonate well-known companies in the industry, fooling the victim into thinking they are communicating with a legitimate entity.


A threat actor has been targeting victims in the manufacturing sector by sending spear-phishing emails to its victims that, when clicked on, prompt them to unknowingly surrender their
Microsoft credentials
.
Some of the emails impersonate two large, real-life companies: Periscope Holdings, a procurement solutions company, and R.S. Hughes, a North American industrial and safety supplies distributor; they also include a file named Product List RFQ, NDA & Purchase Terms 2024.shtml. Once the email is clicked on, the victim is directed to a spoofed Microsoft page with their username already inputted from their email, adding to the legitimacy of the scheme and prompting the victim to enter their password.
Once the fake page has accessed the password, it harvests the credentials to access accounts and potentially compromise sensitive information, according to the BlueVoyant researchers who
discovered the campaign
.
At least 15 victims have been targeted so far from March to August, particularly in the United States and Canada, though the threat actor, considered to be an advanced adversary, remains unknown.
The BlueVoyant researchers advise that those in the manufacturing sector or related industries monitor for fake or typosquatted domains; educate employees on spear-phishing tactics that may be used against them; and leverage conditional access policies and strong authentication.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Manufacturing Sector Under Fire From Microsoft Credential Thieves