Hackers used Morse code to evade detection in a year-long phishing campaign, according to Microsoft researchers.
Researchers said the campaign, first spotted in July 2020, targeted Office 365 users and tried to get them to hand over credentials using targeted, invoice-themed XLS.HTML attachments. The cyber criminals faked invoices in Excel HTML or web documents to distribute forms to steal data.
According to researchers, the campaign’s primary goal is to harvest usernames, passwords, and — in its more recent iteration — other information like IP address and location, which attackers use as the initial entry point for later infiltration attempts.
“The XLS.HTML phishing campaign uses social engineering to craft emails mimicking regular financial-related business transactions, specifically sending what seems to be vendor payment advice. In some of the emails, attackers use accented characters in the subject line,” said researchers.
Researchers said that using XLS in the attachment file name prompts users to expect an Excel file. When the victim opens the attachment, it launches a browser window and displays a fake Microsoft Office 365 credentials dialog box on top of a blurred Excel document. “Notably, the dialog box may display information about its targets, such as their email address and, in some instances, their company logo.”
Researchers added that hackers changed obfuscation and encryption mechanisms every 37 days on average, “demonstrating high motivation and skill to constantly evade detection and keep the credential theft operation running.” What stood out in this campaign was the amount of obfuscation deployed.
One unusual obfuscation technique was the use of Morse code. Hackers used this in the February (“Group report/bill”) and May 2021 (“Payroll”) waves of the campaign.
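A defender-side illustration of the Morse code obfuscation described above, added here and not taken from Microsoft's report: it scans an HTML attachment for string literals made only of dots, dashes and spaces and decodes them for analyst review. The encoding layout (space-separated symbols inside a quoted string), the 40-character threshold and the sample attachment are assumptions.

```python
import re

# International Morse code table (letters, then digits).
_LETTERS = (".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- .--. "
            "--.- .-. ... - ..- ...- .-- -..- -.-- --..").split()
_DIGITS = "----- .---- ..--- ...-- ....- ..... -.... --... ---.. ----.".split()
MORSE = dict(zip(_LETTERS + _DIGITS, "abcdefghijklmnopqrstuvwxyz0123456789"))

# A quoted string made only of dots, dashes and spaces, at least 40 chars long.
# The threshold is an assumption chosen to skip ellipses and short separators.
MORSE_LITERAL = re.compile(r"""(["'])([.\- ]{40,})\1""")


def decode_morse(blob):
    """Decode space-separated Morse symbols; return None if any symbol is invalid."""
    out = []
    for sym in blob.split():
        if sym not in MORSE:
            return None  # e.g. a long ruler of dashes is not a Morse symbol
        out.append(MORSE[sym])
    return "".join(out)


def find_morse_strings(html):
    """Return the decoded text of every Morse-looking string literal in html."""
    hits = []
    for match in MORSE_LITERAL.finditer(html):
        decoded = decode_morse(match.group(2))
        if decoded and len(decoded) >= 8:  # ignore very short decodes
            hits.append(decoded)
    return hits


# Constructed sample attachment (not taken from the campaign): one dash ruler
# that must be ignored and one Morse-encoded placeholder string.
_ENCODE = {letter: code for code, letter in MORSE.items()}
SAMPLE_HTML = (
    '<html><script>var sep = "%s";\n'
    'var d = "%s"; /* decoded at runtime */</script></html>'
    % ("-" * 46, " ".join(_ENCODE[c] for c in "constructedsample01"))
)

if __name__ == "__main__":
    for text in find_morse_strings(SAMPLE_HTML):
        print("Morse-encoded literal decodes to:", text)
```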