Manufacturing Sector Under Fire From Microsoft Credential Thieves

A threat actor has been targeting victims in the manufacturing sector by sending spear-phishing emails to its victims that, when clicked on, prompt them to unknowingly surrender their Microsoft credentials.

Some of the emails impersonate two large, real-life companies: Periscope Holdings, a procurement solutions company, and R.S. Hughes, a North American industrial and safety supplies distributor; they also include a file named "Product List RFQ, NDA & Purchase Terms 2024.shtml." Once the email is clicked on, the victim is directed to a spoofed Microsoft page with their username already inputted from their email, adding to the legitimacy of the scheme and prompting the victim to enter their password.

Once the fake page has accessed the password, it harvests the credentials to access accounts and potentially compromise sensitive information, according to the BlueVoyant researchers who discovered the campaign.

At least 15 victims have been targeted so far from March to August, particularly in the United States and Canada, though the threat actor, considered to be an "advanced adversary," remains unknown.

The BlueVoyant researchers advise that those in the manufacturing sector or related industries monitor for fake or typosquatted domains; educate employees on spear-phishing tactics that may be used against them; and leverage conditional access policies and strong authentication.