Financially Motivated Threat Actor Leveraged Google Docs and Weebly Services

Nov. 27, 2024, 3:32 p.m.

Description

A phishing campaign targeting telecommunications and financial sectors was identified in late October 2024. The attackers used Google Docs to deliver phishing links, redirecting victims to fake login pages hosted on Weebly. This method bypassed standard email filters and endpoint protections by leveraging trusted platforms. The campaign primarily targeted telecom and financial sectors with customized lures, including AT&T-themed pages and financial institution pages for US and Canadian users. The attackers used dynamic DNS for subdomain rotation and incorporated legitimate tracking tools like Sentry.io and Datadog to monitor phishing page metrics. They also employed fake multi-factor authentication prompts to enhance the appearance of authenticity and increase the chances of success.

External References

https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors
https://otx.alienvault.com/pulse/6747374a2634097cfb9e7269
Tags
phishing
mfa bypass
sim swapping
financial sector
2024-11-27
google docs
telecom
tracking tools
weebly

Date

  • Created: Nov. 27, 2024, 3:14 p.m.
  • Published: Nov. 27, 2024, 3:14 p.m.
  • Modified: Nov. 27, 2024, 3:32 p.m.

Indicators

  • 74.115.51.9
  • https://yahoopaymentsecurity.weebly.com
  • https://umpquawoers-accessmail.weebly.com
  • https://www.idagent.com/blog/phishing-as-a-service-phaas/
  • https://update-baca-bank-aqmakaeyaa.weebly.com
  • https://sprinto.com/blog/phishing-statistics/
  • https://signup-robinhood.weebly.com
  • https://securedprofile-infosuckkk.weebly.com
  • https://securebanklogin.weebly.com
  • https://secureaunthenticatorrrrr.weebly.com
  • https://novedadscotiab03.weebly.com
  • https://mwebservlce.weebly.com
  • https://metamask-us-extension.weebly.com
  • https://currentlyattyahoo850.weebly.com
  • https://currentilydbsbatusfitaluabutes.weebly.com
  • https://aolservlogsni.weebly.com
  • https://attmailteam87iu.weebly.com
  • https://aag-it.com/the-latest-phishing-statistics/
  • http://myredapplebank.weebly.com
  • yahoopaymentsecurity.weebly.com
  • update-baca-bank-aqmakaeyaa.weebly.com
  • signup-robinhood.weebly.com
  • umpquawoers-accessmail.weebly.com
  • securedprofile-infosuckkk.weebly.com
  • securebanklogin.weebly.com
  • secured1st-accesscode.weebly.com
  • secureaunthenticatorrrrr.weebly.com
  • novedadscotiab03.weebly.com
  • myredapplebank.weebly.com
  • mwebservlce.weebly.com
  • metamask-us-extension.weebly.com
  • currentlyattyahoo850.weebly.com
  • currentilydbsbatusfitaluabutes.weebly.com
  • attmailteam87iu.weebly.com
  • aolservlogsni.weebly.com
Download all indicators here!

Attack Patterns

Additional Informations

  • Finance
  • Telecommunications
  • Australia
  • Canada
  • United States of America