In August of 2020, hackers launched a phishing campaign that involved spoofing Xerox scan notifications in an effort to trick individuals into opening malicious HTML attachments.

The technique was simple. It enabled hackers to bypass Microsoft Office ATP and to pinch over 1,000 corporate credentials. Thousands of organizations were hit with the attack.

Image courtesy of Check Point Software.

A phishing attack gone sideways

Attackers made an error in their attack chain process that rendered stolen credentials exposed to the public internet.

Typically, hackers engage in cyber criminal activity in order to gain stolen credentials and to sell them for a profit on the dark web.

However, these hackers bungled their mission. They accidentally dumped their stolen loot on the public internet, enabling every hacker to access them free of charge. For the original hackers, these credentials no longer held value on the dark web.

With a quick Google search, anyone could have picked up the password to one of the email addresses stolen in this breach. “…a gift to every opportunistic attacker,” Check Point security researchers wrote.

“This was a clear operation security failure for the attackers,” says Lotem Finklesteen, head of threat intelligence for Check Point Software.

Which industries were impacted by the attack?

  • Retail
  • Manufacturing
  • Healthcare
  • IT sector

What else do we know about this phishing campaign?

It is suspected that this is not the attackers’ first phishing campaign. Emails and JavaScript encoding within this attack happen to mirror those used in a May 2020 phishing campaign.

For more on this story, click here.