Using cross-domain threat data to disrupt a large BEC campaign

Security Alert
Published June 15, 2021

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, which gave them access to emails about financial transactions.

ATT&CK IDs:
T1036 – Masquerading; T1102 – Web Service; T1114 – Email Collection; T1566 – Phishing; T1114.003 – Email Forwarding Rule; T1193 – Spearphishing Attachment; T1020 – Automated Exfiltration; TA0003 – Persistence
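
A check for the forwarding-rule behaviour described above (T1114.003), added here as an example and not taken from the alert or from Microsoft: it scans mailbox audit records for rule or mailbox changes that forward mail outside the tenant. The JSON record layout (Operation, UserId, CreationTime, Parameters as name/value pairs) is an assumption modelled on Exchange Online audit records, and the sample lines and example.com domains are constructed.

```python
import json

# Assumed: Exchange Online cmdlet and parameter names as they appear in audit records.
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress"}

def external_targets(value, internal_domains):
    """Return the addresses in a parameter value whose domain is not ours."""
    found = []
    for item in value.replace(",", ";").split(";"):
        addr = item.strip().lower()
        if addr.startswith("smtp:"):
            addr = addr[5:]
        if "@" not in addr:
            continue  # display name or internal alias, not an SMTP address
        if addr.rsplit("@", 1)[1] not in internal_domains:
            found.append(addr)
    return found

def find_external_forwarding(lines, internal_domains):
    """Return (time, user, operation, parameter, address) per external forward."""
    internal = {d.lower() for d in internal_domains}
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(rec, dict) or rec.get("Operation") not in RULE_OPERATIONS:
            continue
        for p in rec.get("Parameters") or []:
            if p.get("Name") in FORWARD_PARAMS:
                for addr in external_targets(str(p.get("Value", "")), internal):
                    hits.append((rec.get("CreationTime"), rec.get("UserId"),
                                 rec["Operation"], p["Name"], addr))
    return hits

# Constructed sample records (not from the alert); example.com is the tenant domain.
SAMPLE = [
    '{"CreationTime":"2021-06-01T08:14:02","Operation":"New-InboxRule","UserId":"ap.clerk@example.com","Parameters":[{"Name":"ForwardTo","Value":"smtp:collector@mail.example.net"}]}',
    '{"CreationTime":"2021-06-01T08:20:10","Operation":"Set-Mailbox","UserId":"admin@example.com","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:archive@example.com"}]}',
    '{"CreationTime":"2021-06-01T08:31:44","Operation":"New-InboxRule","UserId":"hr@example.com","Parameters":[{"Name":"MoveToFolder","Value":"Newsletters"}]}',
    '{"CreationTime":"2021-06-01T09:02:51","Operation":"Set-InboxRule","UserId":"cfo@example.com","Parameters":[{"Name":"RedirectTo","Value":"a@example.com;b@partner.example.org"}]}',
    '{"CreationTime":"2021-06-01T09:',
]

if __name__ == "__main__":
    for hit in find_external_forwarding(SAMPLE, {"example.com"}):
        print(*hit, sep=" | ")
```

Pass every domain the tenant owns as `internal_domains`; any accepted domain left out is reported as external.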
