Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Saturday, August 15th, 2020 |

Since March 2020, an ongoing series of business email compromise campaigns have been targeting business executives across the world. Threat actors dubbed “Water Nue” have harvested over 800 credentials with their limited tool-set. While Water Nue has not been observed using any types of Trojans or backdoors, it still proves effective with its well designed landing pages and use of public cloud infrastructure. Upon entering credentials on the attacker controlled landing page, a malicious JavaScript file sends the newly acquired credentials back to its Command and Control server, where the creds are used to carry out the financial fraud attack.

Sources:

Indicators of compromise:

Threat actor-managed C&C URLs:

  • https://highstreetmuch[.]xyz/hug/gate[.]php
  • https://takeusall[.]online/benzz/gate[.]PHP

Share this:

Previous
View All
Next

Not Sure Where to Start?

What is Cybersecurity ?
How Do Cyber Attacks Happen ?
How Does Atlas Work ?
Who is Atlas ?