“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators access,” a Microsoft spokesperson said. The company told affected users in an email that “the content of any emails or attachments” were not accessed in the breach earlier this year, and that it “immediately disabled the compromised credentials” once it became aware of the issue. Hackers broke into a customer support account, which then allowed them to gain unauthorised access to personal information, such as the subject lines of some emails, the identities of recipients of messages and the names of folders. While this can be tedious, it's currently the only way to easily detect lookalike sites that can be used to spread malware and other viruses.Outlook and Hotmail account holders were left vulnerable for almost three months after cyber criminals targeted Microsoft’s suite of email services boasting hundreds of millions of users.Ī number of people had their accounts compromised in a breach that took place between January 1 and March 28, according to Microsoft. In order to avoid falling victim to this campaign and other similar attacks, users should carefully inspect the web addresses of all of the sites they visit in the address bar of their browsers. He then searched for other punycode domains (opens in new tab) registered through the domain registrar (opens in new tab) NameCheap to discover that fake sites had been registered for the Tor browser, Telegram and other popular services. Head of threat intel research at the cybersecurity firm Silent Push, Martijin Gooten conducted his own investigation to see if the cybercriminals behind this campaign had registered other lookalike sites to launch further attacks. However, since it's release, the cybercriminals behind the malware have added new features including encrypted communications with C&C servers as well as the ability to steal a user's browser history from both Chrome and Firefox.
While the malware pushed by bravėcom is known as both ArechClient and SectopRat, analysis from the cybersecurity firm G Data (opens in new tab) back in 2019 revealed that it was a remote access trojan ( RAT (opens in new tab)) with the capability to stream a user's current desktop as well as to create a second invisible desktop that attackers could use.
0 kommentar(er)
