The second campaign has taken a different route and is specifically going after email services which market themselves as secure, such as Tutanota and ProtonMail.ĬNET: Russian influencers thrived on Instagram after pressure on Facebook, Twitter "In 2015, we launched Yahoo Account Key, which does not utilize SMS, and encourage users to adopt this form of authentication." "The threat landscape is continually evolving, and we are committed to evolve with it to help keep our users secure," a Yahoo spokesperson said. The attack in question worked in exactly the same way when applied to Yahoo accounts. "In a completely automated fashion, the attackers managed to use our password to login into our account, obtain from us the two-factor authentication code sent to our phone, and eventually prompt us to change the password to our account," the nonprofit says.Īs the entire system is automated, the verification code can be used to compromise an account before 2FA tokens expire. The phishing page requested the code, and once input, presented the team with a form asking them to change their password before redirecting them to a legitimate Google login page. The phone number used to create the account did receive an SMS message. Once the researchers logged into one of the fraudulent domains using a throwaway Gmail address, they were alerted that a 2FA code had been sent - triggered by the automated scheme. The phishing site was designed to obtain account credentials as well as the 2FA code required to access the account.
However, what makes this campaign different is its attempts to combat 2FA, an additional layer of security implemented to protect online accounts through access codes often sent to linked mobile devices. These were often rotated to avoid shutdowns by registrars. In this scenario, the attackers sent crafted "security alert" messages with the overall aim of luring victims to malicious domains masquerading as legitimate websites belonging to Google and Yahoo.
Upon investigation, it seemed that many of the victims of a phishing campaign originated from United Arab Emirates, Yemen, Egypt, and Palestine. Throughout 20, Amnesty International was given copies of suspicious emails sent to HRDs and journalists in the Middle East and North Africa. The first campaign involves hundreds of Google and Yahoo accounts being targeted, resulting in the "successful bypass of common forms of two-factor authentication (2FA)." Within the report, the researchers say that several campaigns are underway, likely conducted by the same threat group in order to target Human Rights Defenders (HRDs).
0 kommentar(er)
