April 25, 2024 at 10:15AM
Netcraft warns of threat actors using compromised email accounts to send phishing emails with links to malicious PDF files on Autodesk Drive. Attackers tailor their emails with legitimate senders’ information to appear credible. Recipients are directed to phishing pages and prompted to provide Microsoft account credentials. The attacks are highly targeted and global in scale, posing a significant threat.
According to the meeting notes, threat actors are using compromised email accounts to distribute phishing emails that link to malicious PDF files hosted on Autodesk Drive. The emails are crafted to appear legitimate: they reuse the senders’ signature footers and include shortened links to the malicious PDFs.

Recipients who attempt to view the documents are taken to a phishing page and prompted to provide their Microsoft account credentials. Once the credentials are entered, the victims are redirected to a OneDrive-hosted document to conceal the theft.

The attackers are also tailoring their attacks for multiple countries and regions, using PDF documents in various languages. The scale of these attacks and the use of customized PDF documents suggest a level of templating and automation, which has the potential to lead to well-targeted compromises on a global level. These insights have been distilled from the meeting notes provided by cybersecurity firm Netcraft.
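The chain described above (a document fetched from the file-sharing host, credentials submitted to a page that is not a Microsoft sign-in host, then a redirect to OneDrive) can be hunted for in web proxy logs. The following is an added example, not code from Netcraft or from the original page; the log format, the hostnames in the three sets, the `.example` hosts and the 10-minute window are all assumptions to replace with values from your own environment.

```python
from datetime import datetime, timedelta

# Assumed hostnames; replace with the values seen in your own proxy logs.
FILE_SHARE_HOSTS = {"drive.autodesk.com"}   # where the lure PDF is hosted
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
DECOY_HOSTS = {"onedrive.live.com"}         # post-theft redirect target
WINDOW = timedelta(minutes=10)              # assumed correlation window

# Constructed sample proxy log: "timestamp user method host"
SAMPLE_LOG = """\
2024-04-25T09:00:05 alice GET drive.autodesk.com
2024-04-25T09:00:40 alice POST signin-portal.example
2024-04-25T09:00:44 alice GET onedrive.live.com
2024-04-25T09:05:00 bob GET drive.autodesk.com
2024-04-25T09:05:30 bob POST login.microsoftonline.com
2024-04-25T09:05:33 bob GET onedrive.live.com
2024-04-25T09:10:00 carol GET drive.autodesk.com
2024-04-25T11:30:00 carol POST intranet.example
2024-04-25T11:30:05 carol GET onedrive.live.com
"""

def parse(log):
    """Yield (time, user, method, host) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, method, host = parts
        yield datetime.fromisoformat(ts), user, method.upper(), host.lower()

def find_chains(log):
    """Return (user, suspect_host) for each lure -> POST -> decoy sequence."""
    state = {}  # user -> (lure_time, suspect_host or None)
    hits = []
    for ts, user, method, host in sorted(parse(log)):
        lure = state.get(user)
        if lure and ts - lure[0] > WINDOW:   # lure visit too old to correlate
            del state[user]
            lure = None
        if host in FILE_SHARE_HOSTS:
            state[user] = (ts, None)         # start (or restart) the chain
        elif lure and method == "POST" and host not in MS_LOGIN_HOSTS:
            state[user] = (lure[0], host)    # credentials sent off-Microsoft?
        elif lure and lure[1] and host in DECOY_HOSTS:
            hits.append((user, lure[1]))     # full chain observed
            del state[user]
    return hits
```

A hit is a lead for triage rather than proof of compromise: review the suspect host and reset the user's credentials if the page turns out to be a credential harvester.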