Since last year, a growing number of reports of attacks targeting high-ranking officials at small to medium businesses have been linked to the PerSwaysion hacking campaign. Executive monitoring carried out by Group-IB, a group of cyber researchers, confirmed that at least 156 officials from the US, Germany, the UK, the Netherlands, Hong Kong, and Singapore had their email accounts compromised as a result of this hideous act.
The campaign is tagged ‘PerSwaysion’, a name derived from the medium it uses to attack its targets: Microsoft Sway, used for file sharing. The malicious files are embedded in a legitimate file that is sent through email and attachment files. In this 3-layered email phishing scam, targeted officials are sent an email with a file-sharing attachment that, once opened, redirects them to a phishing site where they are asked to fill in information to initiate the sharing. The sensitive data they enter is thus captured by the attacker.
The code was traced back to Vietnam and was distributed in Nigeria and South Africa. The latter groups carry out the chained attack against their targeted profiles. The researchers added in the report that the initial target officials came from filtered LinkedIn profiles. Once a targeted profile's email has been compromised, the attackers are able to remotely scan the contents of its inboxes to check for other possible victims. Otherwise, they mirror the profile and email attributes of the company. After that, they send out compromised emails to other targeted profiles outside the organization, using the email address and legitimate email system of the hacked organization to avoid the anti-phishing detection applications of other entities.
In the summary report, Group-IB has not yet confirmed whether the compromised corporate data is being sold to other malicious actors or has been used in other fraudulent attacks. However, Cyber Solutions researchers recently reported an attack on some high-ranking officials in Europe and Asia, an investment scam that accumulated over a million dollars using email hacking as the medium; whether it is linked to this report has yet to be confirmed.
For immediate resolution and to stop possible chained attacks stemming from these incidents, Group-IB has set up an email/profile scanner on its group page to check for possible infection by this malicious activity. However, they warn that users should use this tool only if they strongly suspect that they are infected, as it asks for the user's sensitive information.