TTL OSINT

Netskope Report Details Exponential Increase in Microsoft Sway QR Code Phishing

A recent Netskope report reveals a surge in Microsoft Sway QR code phishing, or "quishing," campaigns. These campaigns, which have increased by 2,000 times in July 2024, use legitimate cloud offerings like Microsoft Sway to host fake pages, aiming to steal MS Office credentials. The attacks primarily target Asia and North America, mainly in sectors like Technology, Manufacturing, and Finance. The report provides recommendations and indicators of compromise (IOCs) to help organizations protect themselves. Quishing campaigns are becoming more sophisticated, using techniques like Cloudflare Turnstile to bypass static website scanners and transparent phishing techniques to collect login credentials. To avoid becoming a victim, users should type URLs directly into the web browser and be cautious of suspicious links or images. Organizations should review their security policies and ensure adequate protection against these phishing pages and scams.

Disclaimer: This article is part of X-Force OSINT Advisories automated collection to enable faster integration of open-source articles to client environments. All credit and copyright goes to the original authors.

Reference:https://rhisac.org/threat-intelligence/report-calls-attention-to-a-new-qr-code-phishing-campaign-that-leverages-microsoft-sway-infrastructure-to-host-fake-pages-highlighting-the-abuse-of-legitimate-cloud-offerings-for-malicious-purposes/

Sample Indicators of Compromise:

• login.msofficeopt.nl
• ffnthost365.cfd
• gdu.msofficeopt.nl
• msntntion0.cfd
• nedttis365.xyz

Следите за киберугрозами вместе с экспертами CRATU!
Анализ реальных атак, техники APT-групп, новые уязвимости, практические рекомендации по детекту и доля иронии — всё, как вы любите.

CRATU — ваш инсайдерский источник по кибербезопасности. Подписывайтесь на наш Telegram-канал