{
  "name": "Pick your Poison - A Double-Edged Email Attack",
  "slug": "pick-your-poison-a-double-edged-email-attack",
  "description": "A sophisticated cyber-attack campaign has been identified that combines phishing for Office365 credentials with malware delivery. The attackers use a file deletion reminder as a pretext and abuse a legitimate file-sharing service to appear more credible. When the user opens the shared PDF file, it presents two hyperlinks: 'Preview' leads to a fake Microsoft login page for credential theft, while 'Download' initiates the installation of ConnectWise RAT malware. The malware establishes persistence through system services and registry modifications. Because either link leads to compromise, whether stolen credentials or a remote-access foothold, this dual-threat approach emphasizes the need for user vigilance and education in recognizing phishing attempts and suspicious emails.",
  "published": "2025-04-28T14:27:21+00:00",
  "created_at": "2025-04-28T14:27:21+00:00",
  "modified_at": "2025-04-28T17:20:44+00:00",
  "created_at_opencti": "2025-04-28T14:27:21+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-04-08",
    "2025-04-28",
    "connectwise rat",
    "credential-theft",
    "file-sharing",
    "office365",
    "phishing",
    "remote access",
    "social engineering"
  ],
  "related_entities": {
    "malware": [
      {
        "id": "legacy:malware:a03fddc08db8e92e",
        "name": "ConnectWise RAT",
        "slug": "connectwise-rat"
      }
    ],
    "attack_patterns": [
      {
        "id": "926a888c-190c-4efb-ab6b-f9d7e6a0fc54",
        "name": "T1547"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "09124a92-c11f-4571-b35b-ab0bce6dd081",
        "name": "T1112"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://cofense.com/blog/pick-your-poison-a-double-edged-email-attack",
    "https://otx.alienvault.com/pulse/680fac69fa21735eedd5b785"
  ]
}