
Financially Motivated Threat Actor Leveraged Google Docs and Weebly Services

Nov. 27, 2024, 3:32 p.m.

Description

A phishing campaign targeting telecommunications and financial sectors was identified in late October 2024. The attackers used Google Docs to deliver phishing links, redirecting victims to fake login pages hosted on Weebly. This method bypassed standard email filters and endpoint protections by leveraging trusted platforms. The campaign primarily targeted telecom and financial sectors with customized lures, including AT&T-themed pages and financial institution pages for US and Canadian users. The attackers used dynamic DNS for subdomain rotation and incorporated legitimate tracking tools like Sentry.io and Datadog to monitor phishing page metrics. They also employed fake multi-factor authentication prompts to enhance the appearance of authenticity and increase the chances of success.

Date

Published: Nov. 27, 2024, 3:14 p.m.

Created: Nov. 27, 2024, 3:14 p.m.

Modified: Nov. 27, 2024, 3:32 p.m.

Indicators


Attack Patterns

T1102.002

T1185

T1204.001

T1566.002

T1189

T1059.007

T1056.001

T1199

T1102

T1566

T1078

Additional Information

Finance

Telecommunications

Australia

Canada

United States of America