Hackers’ Mistake – Stolen Data Becomes Available Through GOOGLE

Due to the hackers’ mistake, the stolen data became available through Google

Hackers have stolen at least 1,000 logins and passwords for logging into corporate accounts in Office 365. The hackers, who attacked thousands of organizations around the world in a massive phishing campaign. Forgot to protect their catch, and as a result it became available through Google search.

The phishing campaign, which lasted more than half a year, used dozens of domains with fake Microsoft Office 365 authorization pages. Despite the use of very simple techniques. The attackers were able to successfully bypass security filters for emails. So they collected at least 1,000 logins and passwords for authorization in corporate Microsoft Office 365 accounts.

Check Point and Otorio, who studied the phishing campaign, discovered that the hackers mistakenly made the stolen data available over the open Internet. According to experts, the attackers saved the stolen information on domains specially registered for this, but placed the data in a publicly accessible file, and the Google search engine indexed it.

The researchers also found that the attackers had compromised legitimate WordPress servers in order to use them to host phishing PHP pages. As experts explained, cybercriminals prefer to use compromised servers instead of their own infrastructure due to the good reputation of compromised sites.

Furthermore,

After examining information from about 500 entries, the researchers were able to determine that the victims of the phishing campaign were most often companies in the construction sector (16.7%), energy (10.7%) and information technology (6.0%).

In order to lure victims to fraudulent pages, cybercriminals used several themes in phishing emails. The subject field included the victim’s name or company name, and the attachment contained a scanned HTML notification.

Opening an attachment through a default web browser displayed a blurry image overlaid with a fake Microsoft Office 365 login form. “This document is password protected. Please enter your password ”, – was reported in the authorization form. The username field was already filled in with the victim’s email address, and the victim did not have any suspicions.

JavaScript code running in the background authenticated the victim’s credentials, sent them to a server controlled by the attackers, and redirected the victim to the real authorization page in Microsoft Office 365 to distract attention.

To bypass the detection, the hackers sent out phishing emails from compromised mailboxes. For example, in one of the attacks, cybercriminals impersonated the German hosting provider IONOS by 1 & 1. Although the phishing campaign began in August 2020, researchers also found phishing emails dated May 2020.

Henceforth, WE WISH TO ANNOUNCE THAT OUR SERVICES ARE NOT AVAILABLE TO PEOPLE FROM NIGERIA AND INDIA. THESE ARE USELESS TIME WASTERS AND THIEVES TRYING TO BEG OR SCAM US OF OUR PRODUCTS. OUR SERVICES ARE NOT FREE AND PAYMENT IS UPFRONT

A LOT OF FOOLS FROM NIGERIA AND INDIA. on the off chance that YOU DON’T TRUST TO USE OUR SERVICES, DON’T CONTACT US AS WE HAVE NO FREE SERVICE

CONTACT US FOR PURCHASE/INQUIRIES, WE RESPOND ALMOST INSTANTLY :

EMAIL: hovatools@gmail.com

ICQ: hovatools  CLICK HERE

TELEGRAM: @hovatool  CLICK HERE

HI BUYERS, WE ARE A PROFESSIONAL CARDING AND HACKING TEAM. HOVATOOLS HAS BEEN AROUND SINCE THE TIME OF EVO MARKET, ALPHABAY, WALLSTREET MARKET AND MORE. WE ALSO REMAIN STRONG AND RELIABLE IN THE INDUSTRY, ALWAYS PROVIDING YOU WITH THE BEST QUALITY TOOLS TO HELP YOU MAKE MONEY AND MAXIMIZE PROFIT IN THE FRAUD GAME.

TO GET STARTED, YOU CAN VISIT OUR ONLINE SHOP/STORE TO BUY EVERYTHING YOU NEED TO START CASHING OUT.  AT THE SHOP YOU GET Accounts & Bank Drops CVV & CARDS DUMPS PERSONAL INFORMATION & SCAN.

BANK HACKING SOFTWARE – WIRE/ACH DARKWEB MONEY TRANSFER HACKERS

Buy Fresh Credit Cards for Carding, Buy Bank Login, RDP, Buy Hacked Paypal accounts. Contact us to buy all tools and carding software. CLICK HERE TO VISIT OUR SHOP
Buy Socks 5, Enail Leads, Buy Latest CC to Bitcoin Cashout Guide, Buy Hacked Zelle transfer , Western Union Money Transfer Hack, Buy Hacked Money Transfer service to your bank account.
Enroll for Paid private Carding Class.

Leave a Reply