Researchers have uncovered an ongoing phishing campaign targeting human rights and humanitarian organizations. Victims include the United Nations (UN), UNICEF, the Red Cross, and UN World Food, among others.
The campaign uses landing pages that impersonate legitimate Microsoft Office 365 login pages.
The campaign has been actively attacking these organizations since March of this year, researchers at Lookout Phishing AI report. Worse, none of the phishing sites Lookout discovered had been flagged by Google Safe Browsing, so browser warnings would not have protected users who reached them.
In a statement to ZDNet, Jeremy Richards, principal security researcher at Lookout, said:
“The motive of the attack is to compromise Okta and Microsoft credentials to gain access to these accounts, which could be used for further attacks or intelligence gathering.”
Analysis of this campaign also showed that it differs from typical phishing campaigns in two respects.
First, the phishing pages were mobile-friendly, and they contained code that logged passwords in real time as they were typed into the form, rather than only capturing what was submitted.
So, even “if a target doesn’t complete the login activity by pressing the login button or if they enter another, unintended password, this information is still sent back to the command and control infrastructure operated by the malicious actor.”
Second, the attackers serve the sites over HTTPS with SSL certificates, so the browser's padlock indicator reinforces the illusion that the phony site is a legitimate Microsoft Office 365 login page. Worse still, Lookout says at least six of the servers hosting these sites are still active today.
Lookout's report provides the full list of humanitarian aid organizations currently under attack, the phishing URLs, and the SSL certificates used.