At a glance.
- Leveraging Microsoft Dynamics 365 Customer Voice for credential harvesting.
- Emotet is back.
- Black Basta ransomware linked to Fin7.
- Russophone gang increases activity against Ukrainian targets.
- Russia regrets US lack of cooperation in cyberspace.
Leveraging Microsoft Dynamics 365 Customer Voice for credential harvesting.
Avanan today blogged about attempts by hackers to abuse Dynamics 365 Customer Voice, a Microsoft product used to gather feedback from customers. Threat actors were found to be using legitimate-appearing links from Microsoft notifications to deliver credential-harvesting pages. One of the malicious emails appears to come from the survey feature of Dynamics 365: it informs the victim that a new voicemail has been received. Another email provides a legitimate Customer Voice link from Microsoft, but clicking “Play Voicemail” redirects to a phishing link that leads to a lookalike Microsoft login page. The malice is in the button. For more information on what Avanan calls a "static expressway" campaign, see CyberWire Pro.