{ "name": "Microsoft advertisers phished via malicious Google ads", "slug": "microsoft-advertisers-phished-via-malicious-google-ads", "description": "Malicious actors are targeting Microsoft advertisers through fraudulent Google ads, aiming to steal login credentials for Microsoft's advertising platform. The campaign involves sophisticated techniques like cloaking, Cloudflare challenges, and redirection chains to evade detection. Phishing pages imitate the Microsoft Advertising platform, attempting to bypass 2-Step verification. The attack appears to be part of a larger, long-running campaign potentially affecting multiple advertising platforms. Users are advised to verify URLs carefully, use 2-Step verification wisely, monitor accounts regularly, and report suspicious ads. The article provides numerous indicators of compromise, including malicious domains associated with the campaign.", "published": "2025-01-31T08:50:48+00:00", "created_at": "2025-01-31T08:50:48+00:00", "modified_at": "2025-01-31T09:07:30+00:00", "created_at_opencti": "2025-01-31T08:50:48+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2025-01-31", "credential-theft", "google ads", "phishing" ], "related_entities": { "observables": [ { "id": "", "name": "www55.con-webs.com" }, { "id": "", "name": "www34.con-webs.com" }, { "id": "", "name": "www-v.userads.digital" }, { "id": "", "name": "www-bingads.com" }, { "id": "", "name": "www-microsoftsads.com" }, { "id": "", "name": "rnlcrosoft.smartlabor.it" }, { "id": "", "name": "mictrest.mnws.ru" }, { "id": "", "name": "microsofyt.adversing-publicidade.pro" }, { "id": "", "name": "microosft.accounts-ads.site" }, { "id": "", "name": "login.microsofttclicks.live" }, { "id": "", "name": "login.adsadvertising.online" }, { "id": "", "name": "login-adsmicrosoft.helpexellent.com" }, { "id": "", "name": "bltrue.colnhouse-fr.us" }, { "id": "", "name": "adsmicro.exchangefastex.cloud" }, { "id": "", "name": "bing.login-acount.me" }, { "id": "", "name": "ads.rnlcrosoft.com.euroinvest.ge" }, { "id": "", "name": "ads.msicrosoft.com" }, { "id": "", "name": "ads.mlcrosoft.com.poezija.com.hr" }, { "id": "", "name": "ads.mlcrosoft.com.ciree.com.br" }, { "id": "", "name": "ads.mlcr0soft.com" }, { "id": "", "name": "ads.microsoft.com.euroinvest.ge" }, { "id": "", "name": "ads.mcrosoftt.com" }, { "id": "", "name": "ads-mlcrosoft-com.blokchaln.com" }, { "id": "", "name": "ads-microsoft.lubrine.com.br" }, { "id": "", "name": "ads-microsoft.coachb-learning.com" }, { "id": "", "name": "ads-microsoft.bewears.com" }, { "id": "", "name": "account.colndcx-app.com" }, { "id": "", "name": "wvvw-microsoft.xyz" }, { "id": "", "name": "uiiadvertise.online" }, { "id": "", "name": "sig-in-mlcrosoft-advertisings.site" }, { "id": "", "name": "prokrakenportfolio.com" }, { "id": "", "name": "pro-digitalus.com" }, { "id": "", "name": "potfolioskraneken.com" }, { "id": "", "name": "potfolioskranaken.com" }, { "id": "", "name": "potfolioskraineken.com" }, { "id": "", "name": "potfolioskenaken.com" }, { "id": "", "name": "potfolioskaneken.com" }, { "id": "", "name": "potfolioketonelen.com" }, { "id": "", "name": "potfoliokenkren.com" }, { "id": "", "name": "potfoliokenaiken.com" }, { "id": "", "name": "potfoliokelaneken.com" }, { "id": "", "name": "potfoliokelaken.com" }, { "id": "", "name": "potfoliokeiolenen.com" }, { "id": "", "name": "portofolioprospots.com" }, { "id": "", "name": "portfolioskranen.com" }, { "id": "", "name": "portfoliopro-us.com" }, { "id": "", "name": "portfoliolkraken.com" }, { "id": "", "name": "portfoliokrakenus.com" }, { "id": "", "name": "ndnet.shop" }, { "id": "", "name": "phlyd.com" }, { "id": "", "name": "mudinhox.site" }, { "id": "", "name": "mlcrosoftadvertlsing.online" }, { "id": "", "name": "mlcrosoft-bing-acces.click" }, { "id": "", "name": "microsoftbingads.com" }, { "id": "", "name": "microsoftadversiting.cloud" }, { "id": "", "name": "microsoftadss.com" }, { "id": "", "name": "lkub.com" }, { "id": "", "name": "micrasofit.xyz" }, { "id": "", "name": "krakeri-login.com" }, { "id": "", "name": "itlinks.com.cn" }, { "id": "", "name": "homee-acount.com" }, { "id": "", "name": "global-verify.com" }, { "id": "", "name": "global-verifications.com" }, { "id": "", "name": "forteautomobile.com" }, { "id": "", "name": "connec-exchan.site" }, { "id": "", "name": "digitechmedia.agency" }, { "id": "", "name": "colneex-plalform.cloud" }, { "id": "", "name": "blseaccount.cloud" }, { "id": "", "name": "blngad.online" }, { "id": "", "name": "bitmax-us.com" }, { "id": "", "name": "bing-ads.com" }, { "id": "", "name": "agency-wasabi.com" }, { "id": "", "name": "advertsingsinginbing.com" }, { "id": "", "name": "advertising-mlcrosoft.org" }, { "id": "", "name": "adverts2023.online" }, { "id": "", "name": "advertising-bing.site" }, { "id": "", "name": "advertiseliveonline.com" }, { "id": "", "name": "adsverstoni.com" }, { "id": "", "name": "adsmicrosoft.shop" }, { "id": "", "name": "adslbing.com" }, { "id": "", "name": "ads-mlcrosft.com" }, { "id": "", "name": "ads-miicrosoft.com" }, { "id": "", "name": "ads-microsoftz.online" }, { "id": "", "name": "ads-microsoft.shop" }, { "id": "", "name": "ads-microsoft.online" }, { "id": "", "name": "ads-microsoft.click" }, { "id": "", "name": "ads-microsoft.live" }, { "id": "", "name": "ads-dsas.site" }, { "id": "", "name": "ads-adversitingb.com" }, { "id": "", "name": "admicrsdft.com" }, { "id": "", "name": "admicrosoft.com" }, { "id": "", "name": "acount-exchang.store" }, { "id": "", "name": "accounts-mircrosoft-ads.online" }, { "id": "", "name": "account-mircrosoft-ads.com" }, { "id": "", "name": "account-microsoft.site" }, { "id": "", "name": "account-microsoft.online" }, { "id": "", "name": "aboutblngmicro.cloud" }, { "id": "", "name": "aboutadvertselive.com" }, { "id": "", "name": "30yp.com" }, { "id": "", "name": "accounts-ads.site" }, { "id": "", "name": "microsoft-ads.website" } ], "attack_patterns": [ { "id": "75702b35-b790-4504-a1e0-7829e76f22e9", "name": "T1585" }, { "id": "9c5a20d1-0df9-4e99-bcc5-0b731a78b5d1", "name": "T1608" }, { "id": "5c67e5d2-bc85-4ce0-822d-f2f5d3b0ae4e", "name": "T1185" }, { "id": "50514c04-b3a2-4abf-a855-e3a434200c87", "name": "T1204" }, { "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d", "name": "T1566" }, { "id": "9f11a241-9abc-4c57-95dd-33955ab08826", "name": "T1078" }, { "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221", "name": "T1059" } ], "others": [ { "id": "", "name": "Brazil" }, { "id": "", "name": "Advertising" }, { "id": "", "name": "Technology" } ] }, "external_refs": [ "https://www.malwarebytes.com/blog/news/2025/01/microsoft-advertisers-phished-via-malicious-google-ads", "https://otx.alienvault.com/pulse/679c9cf8c1917fd0b631317e" ] }