December 13, 2023 at 10:42AM
Cybersecurity firm Abnormal Security reported that threat actors behind the BazaCall phishing attacks are now using Google Forms to enhance the credibility of their scheme, demonstrating a new attack variant. This method aims to bypass secure email gateways by leveraging trusted domains and dynamically generated URLs. Additionally, recruiters are being targeted by a phishing campaign deploying the More_eggs backdoor.
Key points:
1. BazaCall phishing attacks are now leveraging Google Forms to enhance the authenticity of their schemes.
2. The attacks involve impersonating legitimate subscription notices (e.g., Netflix, Norton) to induce a false sense of urgency and gain remote access capabilities on the target’s host.
3. The use of Google Forms allows the attackers to bypass secure email gateways and evade traditional security measures.
4. Another phishing campaign targets recruiters with direct emails leading to a JavaScript backdoor known as More_eggs, attributed to a financially motivated threat actor tracked as TA4557.
These campaigns highlight evolving tactics used by threat actors in phishing attacks and underline the importance of remaining vigilant against such cyber threats.