Pawn Storm, a group also known as APT28, Strontium, and Fancy Bear, has been active since at least 2004 and has targeted many organizations globally. The threat actors behind the hacking group use sophisticated social engineering lures, data-stealing malware, several zero-days, and even a private exploit kit.

Attack on Webmail servers

According to a new report from Trend Micro, the hacker group has spent the past 2 years searching for vulnerable mail servers to launch sophisticated phishing campaigns. Starting in 2019, the group has probed several email servers and Microsoft Exchange services around the world. The threat actors checked TCP port 443 (used by webmail and Microsoft Exchange Autodiscover services), IMAP ports (143, 993), POP3 ports (110, 995), and SMTP ports (465, 587).

Pawn Storm Phishing Campaign

The attack was conducted with the aim of finding vulnerable systems, brute-forcing credentials, exfiltrating email data, and sending out spam waves.
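For defenders, the port set listed above can be turned into a simple detection. The following is an added example, not code from Trend Micro or from the original article: it flags any source address that touches several distinct mail-service ports on more than one host within a short window. The log format, the sample lines, the function names and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Ports named in the article: webmail/Autodiscover, IMAP, POP3, SMTP.
MAIL_PORTS = {443, 143, 993, 110, 995, 465, 587}

# Constructed sample firewall log (not real traffic): time, source, destination, port.
SAMPLE_LOG = """\
2020-03-01T10:00:01 198.51.100.7 192.0.2.10 443
2020-03-01T10:00:03 198.51.100.7 192.0.2.10 993
2020-03-01T10:00:04 198.51.100.7 192.0.2.11 143
2020-03-01T10:00:06 198.51.100.7 192.0.2.11 587
2020-03-01T10:00:09 198.51.100.7 192.0.2.12 995
2020-03-01T10:00:10 203.0.113.5 192.0.2.10 443
2020-03-01T10:00:02 203.0.113.9 192.0.2.10 22
malformed line
"""

def parse(lines):
    """Yield (timestamp, src, dst, port) for well-formed lines; skip the rest."""
    for line in lines.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def find_mail_probers(lines, window=timedelta(minutes=5), min_ports=4, min_hosts=2):
    """Return {src: (ports, hosts)} for sources probing many mail ports in one window."""
    by_src = defaultdict(list)
    for ts, src, dst, port in parse(lines):
        if port in MAIL_PORTS:
            by_src[src].append((ts, dst, port))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, _, p in events[start:end + 1]}
            hosts = {d for _, d, _ in events[start:end + 1]}
            if len(ports) >= min_ports and len(hosts) >= min_hosts:
                flagged[src] = (sorted(ports), sorted(hosts))
                break
    return flagged
```

A source that only connects to port 443 on one server, as ordinary webmail clients do, stays below the thresholds; tune `min_ports`, `min_hosts` and `window` to the traffic your mail servers normally see.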