Friday, January 15, 22:56
Home security Spear-phishing campaign targets executives from 150+ companies

Spear-phishing campaign targets executives from 150+ companies


According to the company security Group-IB, One hacking team, active since mid-2019, infringed email accounts belonging to high-ranking executives from more than 150 Companies, in the context of a spear-phishing campaign.

The group, by name PerSwaysion, mainly targets him financial sector (about half of his victims) but also Companies in other industries.

PerSwaysion's operations are not very sophisticated, but they have been extremely successful successful. Group-IB says the intruders did not use vulnerabilities or malware on attacks but relied on a classic spear-phishing technique.


They sent emails to high-ranking executives in targeted companies in the hope of deceiving them and importing Office 365 credentials on fake pages.

Group-IB said that spear-phishing attack on executives consisted of three steps:

  • Victims receive an email containing a clean file PDF as attached. If the victims open it file, they will be asked to click on a link to see the actual content.
  • The link redirects users to a page Microsoft Sway (newsletter service), where a similar file is requested from victim to click on another link.
  • This last link redirects the executive to a page that mimics the Microsoft Outlook login page. If the executives put their credentials, the hackers they will steal them.

PerSwaysion hackers acted quickly after the credentials were stolen and managed to gain access to the infringed accounts e-mail in one day.

"After sending the credentials to their command and control servers, PerSwaysion hackers connect to the compromised email accounts," said Group-IB.

"Finally, they create new phishing PDF files with the full name of the victim, email address, legal name of the company. These archives "PDFs are sent to new people, outside the victim's body, who hold important positions."

Group-IB also said that as soon as hackers send the new spear-phishing emails from a hacked account, they delete the emails from the outgoing folder to avoid detection.

At present, Group-IB does not yet know exactly what they are doing hackers from the moment the emails are stolen.

They can sell access to other criminal groups and more.

Group-IB said the PerSwaysion team appears to be made up of members based in Nigeria and South Africa and use one phishing toolkit, developed by a Vietnamese developer. The "leader" of the team is probably named "Sat».

The security company opened one website, where executives can check if accounts Their emails have been hacked by the hacking team.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!


Android: How to see which apps have access to your site

It's no secret that smartphone apps have access to many permissions - if you let them. It is important to make sure ...

Canon lets you take pictures from space

Instead of releasing new cameras for CES 2021, Canon is doing something different: It lets you take pictures from space ....

Wikipedia vs Big tech: Who fights misinformation?

As Election Day turned into US Election Week, Facebook, Twitter and YouTube were trying to prevent ...

Tesla: It is called to recall cars due to problematic screens

The touch screen in some Tesla cars seems to have a problem, which could ...

Ransomware is responsible for half of all data breaches in hospitals

Almost half of the data breaches committed in hospitals and the wider healthcare sector are due to ransomware attacks, ...

Astronomers have just found the oldest oversized black hole

A quasar was discovered in a dark corner of space - over 13,03 billion light-years away - and contains a ...

What are the best and most affordable 5G phones for 2021

The market will soon be flooded with mid-range 5G devices. Everything that happens will be really exciting: you will be able to ...

Verified Twitter accounts in a cryptocurrency scam with the name of Elon Musk violated!

Lately, hackers have been violating verified Twitter accounts in a cryptocurrency giveaway scam, in which the name of the CEO is used ...

Classiscam: Fraudsters "fake" brands and deceive users of European markets!

Dozens of criminal gangs publish fake ads in popular online markets, to attract unsuspecting users to "fraudulent" commercial sites or phishing ...

iOS 14.4: Displays a notification for repairs with non-genuine cameras

Starting with the iPhone 11, Apple has added a notification to iOS that tells the user when the device has a ...