Today > | 7 High | 23 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

Credential Phishing Pages Mimicking Legitimate Webmail Login Portals

Sept. 18, 2024, 9:01 a.m.

Description

Since August 2024, an India-linked threat actor has been targeting entities in China and South Asia using credential phishing pages that mimic legitimate webmail login portals. The campaign primarily focuses on government and defense sectors. The phishing domains share common characteristics, including registration via 1api, use of Royalhost nameservers, and resolution to IP address 65.21.85[.]206. The actor employs domain naming conventions related to webmail login or file download themes, often combined with references to specific targeted entities. Some domains redirect to credential phishing pages hosted on Netlify. The tactics, techniques, and procedures are consistent with previously reported Indian targeted intrusion actors, such as Sidewinder and Patchwork.

Date

Published: Sept. 18, 2024, 8:39 a.m.

Created: Sept. 18, 2024, 8:39 a.m.

Modified: Sept. 18, 2024, 9:01 a.m.

Indicators

securitychallenge-cetci.mail-sessionexpired.com

proposal-pdf-login.mail-sessionexpired.com

preview-files-login.mail-sessionexpired.com

pla-navy-seecure-drive.mail-files-open-preview.com

never-giveup.mail-downloadfiles.com

netease-secure.mail-files-open-preview.com

navy.lk.mails-gov.com

mod.gov.cn.inviation.mail-files-open-preview.com

download-all.mail-files-open-preview.com

download-attachments.mail-files-open-preview.com

coremail-files-downloads.mail-files-open-preview.com

attachments-secure-check.mail-files-open-preview.com

coremail-downloads.mail-files-open-preview.com

app-all.mail-files-open-preview.com

all-files.mail-sessionexpired.com

alitcn.mail-files-open-preview.com

nepal-mofa.com

mailbox-owa-bd.com

mail-sessionexpired.com

mail-files-open-preview.com

Attack Patterns

India-nexus targeted intrusion actor

T1608.004

T1583.001

T1589

T1566.002

T1584

T1566

Additional Informations

Defense

Government

British Indian Ocean Territory

Sri Lanka

Nepal

Bangladesh

India

China