Using cross-domain threat data to disrupt a large BEC campaign

Security Alert
Published June 15, 2021

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, which gave them access to emails about financial transactions.

T1036 – Masquerading
T1102 – Web Service
T1114 – Email Collection
T1566 – Phishing
T1114.003 – Email Forwarding Rule
T1193 – Spearphishing Attachment
T1020 – Automated Exfiltration
TA0003 – Persistence
