New Phishing Attack Leverages Popular Brands to Harvest Login Credentials

Source: Cyber Security News

A sophisticated phishing campaign targeting Central and Eastern European organizations has emerged, impersonating global brands to deceive users into surrendering login credentials. This attack method employs self-contained HTML files as email attachments, which are designed to bypass traditional security systems by eliminating external URLs. The phishing emails often pose as legitimate business inquiries by using RFC-compliant filenames that correspond with procurement processes in sectors such as agriculture and automotive.

The campaign’s technical approach is notable for its use of embedded JavaScript to capture credentials and send them directly to attacker-controlled Telegram bots. Analysts have identified two implementation variants of differing complexity, including the use of CryptoJS AES encryption for obfuscation and advanced anti-forensics techniques that block code inspection. Given its sophisticated nature, the attack requires targeted preventative measures, including HTML attachment controls and content inspection policies.
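A content inspection policy for HTML attachments could look like the following sketch, which is an added example and not code from the original report or any vendor. The indicator patterns, the verdict thresholds and the sample messages are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Heuristics are assumptions for this example, not signatures from the report.
INDICATORS = {
    "password_field": re.compile(r"<input[^>]+type\s*=\s*[\"']?password", re.I),
    "telegram_bot_api": re.compile(r"api\.telegram\.org/bot", re.I),
    # In the encrypted variant the endpoint may not be visible in clear text,
    # so the decryption call itself is treated as a signal.
    "cryptojs_aes": re.compile(r"CryptoJS\.AES\.decrypt", re.I),
    "inspection_blocking": re.compile(r"contextmenu|keyCode\s*={2,3}\s*123", re.I),
}

def scan_html(html):
    """Return the names of indicators present in one HTML document."""
    return {name for name, rx in INDICATORS.items() if rx.search(html)}

def verdict(hits):
    """A credential form plus any other indicator is quarantined."""
    if "password_field" in hits and len(hits) > 1:
        return "quarantine"
    return "review" if hits else "allow"

def inspect_message(msg):
    """Scan every .htm/.html or text/html attachment of an EmailMessage."""
    results = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "text/html" or name.endswith((".htm", ".html")):
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            hits = scan_html(body)
            results.append((name, verdict(hits), sorted(hits)))
    return results

def build_sample(filename, html):
    """Constructed test message; not a captured sample."""
    msg = EmailMessage()
    msg["Subject"] = "Request for quotation"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(html, subtype="html", filename=filename)
    return msg

SUSPICIOUS = ('<form><input type="password" name="p"></form><script>'
              'document.addEventListener("contextmenu", e => e.preventDefault());'
              'var u = "https://api.telegram.org/botPLACEHOLDER/sendMessage";</script>')
BENIGN = "<html><body><h1>Price list</h1><p>See table below.</p></body></html>"

if __name__ == "__main__":
    for fn, html in (("quote_request.html", SUSPICIOUS), ("pricelist.html", BENIGN)):
        print(inspect_message(build_sample(fn, html)))
```

Static patterns like these miss payloads that are only assembled at runtime, so a mail gateway would pair them with a block-or-quarantine default for HTML attachments from external senders.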

👉 Read the original: Cyber Security News