Manufacturing Sector Under Fire From Microsoft Credential Thieves

The emails impersonate well-known companies in the industry, fooling the victim into thinking they are communicating with a legitimate entity.

A threat actor has been targeting victims in the manufacturing sector by sending spear-phishing emails to its victims that, when clicked on, prompt them to unknowingly surrender their
Microsoft credentials
.
Some of the emails impersonate two large, real-life companies: Periscope Holdings, a procurement solutions company, and R.S. Hughes, a North American industrial and safety supplies distributor; they also include a file named Product List RFQ, NDA & Purchase Terms 2024.shtml. Once the email is clicked on, the victim is directed to a spoofed Microsoft page with their username already inputted from their email, adding to the legitimacy of the scheme and prompting the victim to enter their password.
Once the fake page has accessed the password, it harvests the credentials to access accounts and potentially compromise sensitive information, according to the BlueVoyant researchers who
discovered the campaign
.
At least 15 victims have been targeted so far from March to August, particularly in the United States and Canada, though the threat actor, considered to be an advanced adversary, remains unknown.
The BlueVoyant researchers advise that those in the manufacturing sector or related industries monitor for fake or typosquatted domains; educate employees on spear-phishing tactics that may be used against them; and leverage conditional access policies and strong authentication.

Last News
▸ SMBs can enhance security via Cloud in 4 ways. ◂ Discovered: 26/12/2024 Category: security	▸ Google and Facebook reassure U.K.: No snooping. ◂ Discovered: 26/12/2024 Category: security	▸ New startup offers human verification process. ◂ Discovered: 26/12/2024 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Manufacturing Sector Under Fire From Microsoft Credential Thieves