Financially Motivated Threat Actor Leveraged Google Docs and Weebly Services
Essential information
- Published
- 27/11/2024 15:14
- Modified
- 27/11/2024 15:32
- Tags
- 2024-11-27 financial sector google docs mfa bypass phishing sim swapping telecom tracking tools weebly
- Related entities
- 35 observables, 11 techniques (mitre), 5 others
Description
A phishing campaign targeting telecommunications and financial sectors was identified in late October 2024. The attackers used Google Docs to deliver phishing links, redirecting victims to fake login pages hosted on Weebly. This method bypassed standard email filters and endpoint protections by leveraging trusted platforms. The campaign primarily targeted telecom and financial sectors with customized lures, including AT&T-themed pages and financial institution pages for US and Canadian users. The attackers used dynamic DNS for subdomain rotation and incorporated legitimate tracking tools like Sentry.io and Datadog to monitor phishing page metrics. They also employed fake multi-factor authentication prompts to enhance the appearance of authenticity and increase the chances of success.