![]() We have alerted FireVPS of this and have yet to hear from them. ![]() The emails sent to the victims are sent from the RDP service. They prompt the targets to click the embedded link in the email if they want to continue using the same password choosing the “Keep Password” option leads the user to the phishing page.įireVPS is a virtual private server (VPS) offering a range of Windows remote desktop protocol (RDP) plans for their respective customers. We observed the attackers targeting potential victims with emails containing fake Office 365 password expiration reports as lures. Luring victims with compromised infrastructure We are now working with the respective authorities for further investigation. As of this writing, we found over 300 unique compromised URLs and 70 email addresses from eight compromised sites, including 40 legitimate emails of company CEOs, directors, owners, and founders, among other enterprise employee targets. The attackers reuse compromised hosts for the phishing pages targeting organizations in the manufacturing, real estate, finance, government, and technological industries in several countries such as Japan, the United States, UK, Canada, Australia, and Europe. ![]() We have been following an evolving phishing campaign that targets high-ranking company executives since May 2020.
0 Comments
Leave a Reply. |