Manufacturing Sector Under Fire From Microsoft Credential Thieves

The emails impersonate well-known companies in the industry, fooling the victim into thinking they are communicating with a legitimate entity.

Dark Reading Staff, Dark Reading

August 28, 2024

1 Min Read
A fishhook laid atop the enter key on a computer keyboard
Source: ronstik via Alamy Stock Photo

A threat actor has been targeting victims in the manufacturing sector by sending spear-phishing emails to its victims that, when clicked on, prompt them to unknowingly surrender their Microsoft credentials.

Some of the emails impersonate two large, real-life companies: Periscope Holdings, a procurement solutions company, and R.S. Hughes, a North American industrial and safety supplies distributor; they also include a file named "Product List RFQ, NDA & Purchase Terms 2024.shtml." Once the email is clicked on, the victim is directed to a spoofed Microsoft page with their username already inputted from their email, adding to the legitimacy of the scheme and prompting the victim to enter their password.

Once the fake page has accessed the password, it harvests the credentials to access accounts and potentially compromise sensitive information, according to the BlueVoyant researchers who discovered the campaign.

At least 15 victims have been targeted so far from March to August, particularly in the United States and Canada, though the threat actor, considered to be an "advanced adversary," remains unknown.

The BlueVoyant researchers advise that those in the manufacturing sector or related industries monitor for fake or typosquatted domains; educate employees on spear-phishing tactics that may be used against them; and leverage conditional access policies and strong authentication.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights