Common Information
| Type | Value |
|---|---|
| Value |
Spearphishing via Service - T1566.003 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may send spearphishing messages via third-party services in an attempt to gain access to victim systems. Spearphishing via service is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of third party services rather than directly via enterprise email channels. All forms of spearphishing are electronically delivered social engineering targeted at a specific individual, company, or industry. In this scenario, adversaries send messages through various social media services, personal webmail, and other non-enterprise controlled services.(Citation: Lookout Dark Caracal Jan 2018) These services are more likely to have a less-strict security policy than an enterprise. As with most kinds of spearphishing, the goal is to generate rapport with the target or get the target's interest in some way. Adversaries will create fake social media accounts and message employees for potential job opportunities. Doing so allows a plausible reason for asking about services, policies, and software that's running in an environment. The adversary can then send malicious links or attachments through these services. A common example is to build rapport with a target via social media, then send content to a personal webmail service that the target uses on their work computer. This allows an adversary to bypass some email restrictions on the work account, and the target is more likely to open the file since it's something they were expecting. If the payload doesn't work as expected, the adversary can continue normal communications and troubleshoot with the target on how to get it working. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-11-04 | 24 | From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West | ||
| Details | Website | 2024-04-04 | 67 | BlueDuck: an(other) Infostealer Coveting Digital Marketing Agencies’ Facebook Business Accounts | ||
| Details | Website | 2023-12-06 | 198 | Russia/Ukraine Update - December 2023 | ||
| Details | Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023 | ||
| Details | Website | 2023-04-16 | 4 | Evolution of Spear-Phishing techinques of Notorious Threat Groups | ||
| Details | Website | 2023-02-20 | 4 | The Holy Bible of Threat Intelligence | ||
| Details | Website | 2022-10-18 | 104 | LAZARUS greift die Niederlande und Belgien an | ||
| Details | Website | 2022-09-14 | 53 | DPRK Job Opportunity Phishing via WhatsApp | PuTTY Utility | ||
| Details | Website | 2022-01-06 | 76 | NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies | ||
| Details | Website | 2021-05-27 | 39 | New sophisticated email-based attack from NOBELIUM - Microsoft Security Blog | ||
| Details | Website | 2021-04-27 | 236 | Lazarus Group Recruitment: Threat Hunters vs Head Hunters | ||
| Details | Website | 2021-04-06 | 71 | McAfee Defender’s Blog: Cuba Ransomware Campaign | McAfee Blog | ||
| Details | Website | 2020-07-30 | 18 | McAfee Defender’s Blog: Operation North Star Campaign | McAfee Blog | ||
| Details | Website | 2020-06-17 | 37 | Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity | ||
| Details | Website | 2020-01-29 | 54 | Emotet Technical Analysis - Part 1 Reveal the Evil Code |