Showing posts from March 20, 2020

APT28 Attacks Webmail and Microsoft Exchange Servers to Launch Sophisticated Spear Phishing Attacks

Pawn Storm, a group also known as APT28, Strontium, and Fancy Bear, has been active since at least 2004 and has targeted many organizations globally. The threat actors behind the hacking group use sophisticated social engineering lures, data-stealing malware, several zero-days, and even a private exploit kit.

Attack on Webmail servers

According to a new report from Trend Micro, the hacker group has been searching for vulnerable mail servers for the past 2 years in order to launch sophisticated phishing campaigns. Starting in 2019, the group probed several email servers and Microsoft Exchange services around the world. The threat actors checked TCP port 443 (used by webmail and Microsoft Exchange Autodiscover services), the IMAP ports (143, 993), the POP3 ports (110, 995), and the SMTP ports (465, 587).

Pawn Storm Phishing Campaign

The attack aimed to identify vulnerable systems, brute-force credentials, exfiltrate email data, and send out spam waves.