Cybersecurity researchers at Microsoft have shared extensive details about a long-running highly evasive spear-phishing campaign that has targeted Office 365 customers since at least July 2020.
In a blog post, the Microsoft 365 Defender Threat Intelligence Team shares that the campaign began with the objective of harvesting usernames, and passwords, but has since moved on to collate other information such as IP addresses and the location of its victims, which the attackers supposedly use in later infiltration attempts.
“This phishing campaign exemplifies the modern email threat: sophisticated, evasive, and relentlessly evolving,” the researchers note.
- Shield yourself with these best identity theft protection services
- Here's our choice of the best malware removal software on the market
- Check our list of the best firewall apps and services
Since the campaign includes various details about the targets, such as their email address and company logo to appear genuine, Microsoft believes the attackers had garnered these details during an earlier reconnaissance exercise.
Constantly evolving threat
The security researchers note that this campaign is also a prime example of how email-based attacks continue to make novel attempts to bypass email security solutions.
For instance, to keep the security teams on their toes, the attackers changed obfuscation and encryption mechanisms every 37 days on average.
This campaign uses multilayer obfuscation and encryption mechanisms for known existing file types, such as JavaScript, as well as multilayer obfuscation in HTML to evade browser security solutions.
“These attackers moved from using plaintext HTML code to employing multiple encoding techniques, including old and unusual encryption methods like Morse code, to hide these attack segments,” share the researchers, noting that some of the code segments of the campaign reside in various open directories and are called by encoded scripts.
Comparing it to a jigsaw puzzle, the researchers noted that the pieces of the campaign appear harmless individually, and only reveal their sinister intent once they are combined.
- Protect your devices with these best antivirus software
