Tuesday, October 20, 13:21

Spear-phishing campaign targets executives from 150+ companies


According to the security company Group-IB, a hacking team active since mid-2019 compromised email accounts belonging to high-ranking executives from more than 150 companies as part of a spear-phishing campaign.

The group, named PerSwaysion, mainly targets the financial sector (about half of its victims) but also companies in other industries.

PerSwaysion's operations are not very sophisticated, but they have been extremely successful. Group-IB says the intruders did not use vulnerabilities or malware in their attacks but relied on a classic spear-phishing technique.


They sent emails to high-ranking executives in targeted companies in the hope of deceiving them into entering their Office 365 credentials on fake pages.

Group-IB said that the spear-phishing attack on executives consisted of three steps:

  • Victims receive an email with a clean PDF file attached. If the victims open the file, they are asked to click on a link to see the actual content.
  • The link redirects users to a Microsoft Sway page (a newsletter service), where a similar file asks the victim to click on another link.
  • This last link redirects the executive to a page that mimics the Microsoft Outlook login page. If the executives enter their credentials, the hackers steal them.

PerSwaysion hackers acted quickly after the credentials were stolen and managed to gain access to the compromised email accounts in one day.

"After sending credentials to their command and control servers, PerSwaysion hackers are linked to compromised email accounts," Group-IB said.

"It simply came to our notice then new phishing PDF files with the full name of the victim, email address, legal name of the company. These PDF files are sent to new people, in addition to the victim's body, who hold important positions."

Group-IB also said that as soon as the hackers send the new spear-phishing emails from a hacked account, they delete the emails from the outgoing folder to avoid detection.
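Sending from a compromised mailbox and then deleting the message from the outgoing folder leaves a recognisable pair of events in mailbox audit data. The following Python detection is an added example, not code from Group-IB or the original article; the event schema, field names, time window and sample records are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real data). The schema is an assumption:
# one dict per mailbox audit event, with a msg_id shared by send and delete.
SAMPLE_EVENTS = [
    {"time": "2020-04-30T09:00:05", "mailbox": "cfo@example.com", "op": "Send",
     "msg_id": "m1", "recipients": 14},
    {"time": "2020-04-30T09:00:40", "mailbox": "cfo@example.com", "op": "HardDelete",
     "msg_id": "m1", "folder": "Sent Items"},
    {"time": "2020-04-30T09:10:00", "mailbox": "cfo@example.com", "op": "Send",
     "msg_id": "m2", "recipients": 1},
    {"time": "2020-04-30T11:00:00", "mailbox": "ceo@example.com", "op": "Send",
     "msg_id": "m3", "recipients": 2},
    {"time": "2020-05-02T11:00:00", "mailbox": "ceo@example.com", "op": "SoftDelete",
     "msg_id": "m3", "folder": "Sent Items"},
    {"time": "2020-04-30T12:00:00", "mailbox": "ceo@example.com", "op": "SoftDelete",
     "msg_id": "m9", "folder": "Inbox"},
]

DELETE_OPS = {"SoftDelete", "HardDelete", "MoveToDeletedItems"}

def find_send_then_delete(events, window=timedelta(minutes=10)):
    """Return alerts for messages removed from Sent Items shortly after sending."""
    sent = {}    # (mailbox, msg_id) -> (send time, recipient count)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):  # ISO strings sort by time
        ts = datetime.fromisoformat(ev["time"])
        key = (ev["mailbox"], ev["msg_id"])
        if ev["op"] == "Send":
            sent[key] = (ts, ev.get("recipients", 0))
        elif ev["op"] in DELETE_OPS and ev.get("folder") == "Sent Items" and key in sent:
            send_ts, rcpts = sent.pop(key)
            delay = ts - send_ts
            if delay <= window:  # a user tidying up days later is not flagged
                alerts.append({"mailbox": ev["mailbox"], "msg_id": ev["msg_id"],
                               "delay_seconds": int(delay.total_seconds()),
                               "recipients": rcpts, "delete_op": ev["op"]})
    return alerts

if __name__ == "__main__":
    for alert in find_send_then_delete(SAMPLE_EVENTS):
        print(alert)
```

Alerts with a high recipient count are the ones to triage first, since the campaign sends the new PDFs to several new people at once.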

At present, Group-IB does not yet know exactly what the hackers do from the moment the emails are stolen.

They can sell access to other criminal groups and more.

Group-IB said the PerSwaysion team appears to be made up of members based in Nigeria and South Africa and uses a phishing toolkit developed by a Vietnamese developer. The "leader" of the team is probably named "Sat".

The security company launched a website where executives can check whether their email accounts have been hacked by the hacking team.



Digital Fortress

