Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts
Since March 2020, an ongoing series of business email compromise (BEC) campaigns has been targeting business executives across the world. The threat actors, dubbed “Water Nue,” have harvested over 800 credentials with a limited toolset. Although Water Nue has not been observed using any Trojans or backdoors, it remains effective thanks to its well-designed landing pages and its use of public cloud infrastructure. When a victim enters credentials on the attacker-controlled landing page, a malicious JavaScript file sends the newly acquired credentials to the command-and-control (C&C) server, where they are used to carry out the financial fraud attack.
Indicators of compromise:
Threat actor-managed C&C URLs:
- https://highstreetmuch[.]xyz/hug/gate[.]php
- https://takeusall[.]online/benzz/gate[.]PHP
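
The following is an added example, not part of the original report: a small hunt that refangs the two C&C URLs above and checks web proxy logs for requests to them. The five-field log format, the user names and the sample log lines are assumptions constructed for illustration; matching is case-insensitive on host and path because the listed paths differ in case (`.php` and `.PHP`).

```python
from urllib.parse import urlsplit

# C&C URLs exactly as listed on this page (kept defanged).
IOCS_DEFANGED = [
    "https://highstreetmuch[.]xyz/hug/gate[.]php",
    "https://takeusall[.]online/benzz/gate[.]PHP",
]

def refang(value):
    """Undo common defanging so the value parses as a URL."""
    return value.replace("[.]", ".").replace("hxxp", "http")

def url_key(url):
    """Normalize a URL to a lowercased (host, path); the query string is ignored."""
    parts = urlsplit(refang(url.strip()))
    return (parts.hostname or "").lower(), parts.path.lower()

IOC_KEYS = {url_key(u) for u in IOCS_DEFANGED}
IOC_HOSTS = {host for host, _ in IOC_KEYS}

def hunt(log_lines):
    """Return (line_no, user, method, match_type) for each request to a listed C&C.

    Assumed (hypothetical) log format: "<timestamp> <user> <method> <url> <status>".
    """
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than guessing at fields
        _, user, method, url, _ = fields
        key = url_key(url)
        if key in IOC_KEYS:
            hits.append((line_no, user, method, "exact-url"))
        elif key[0] in IOC_HOSTS:
            hits.append((line_no, user, method, "host-only"))
    return hits

# Constructed sample log lines (not real telemetry), built from the list above.
_C2_HOST = url_key(IOCS_DEFANGED[1])[0]
SAMPLE_LOG = [
    "2020-08-06T09:14:02Z cfo POST " + refang(IOCS_DEFANGED[0]) + " 200",
    "2020-08-06T09:15:40Z analyst GET https://example.com/hug/gate.php 200",
    "2020-08-06T09:20:11Z ceo POST " + refang(IOCS_DEFANGED[1]).upper() + "?x=1 200",
    "2020-08-06T09:21:00Z ceo GET https://" + _C2_HOST + "/index.html 200",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

An `exact-url` hit on a POST suggests credentials were submitted to the gate script, so the affected account's password and active sessions should be reset; a `host-only` hit shows contact with the infrastructure and warrants review.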