Common Information
Type | Value |
---|---|
Value | Web Portal Capture - T1056.003 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may install code on externally facing portals, such as a VPN login page, to capture and transmit credentials of users who attempt to log into the service. For example, a compromised login page may log provided user credentials before logging the user in to the service. This variation on input capture may be conducted post-compromise using legitimate administrative access as a backup measure to maintain network access through [External Remote Services](https://attack.mitre.org/techniques/T1133) and [Valid Accounts](https://attack.mitre.org/techniques/T1078) or as part of the initial compromise by exploitation of the externally facing web service.(Citation: Volexity Virtual Private Keylogging) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-10-22 | 5 | Roundcube Vulnerability (CVE-2024-37383) Exploited in Phishing Attacks Targeting Government Agencies for Credential Theft - SOCRadar® Cyber Intelligence Inc. | ||
Details | Website | 2024-10-22 | 5 | Roundcube Vulnerability (CVE-2024-37383) Exploited in Phishing Attacks Targeting Government Agencies for Credential Theft | ||
Details | Website | 2024-10-16 | 10 | From QR to compromise: The growing “quishing” threat | ||
Details | Website | 2024-10-10 | 32 | Telekopye transitions to targeting tourists via hotel booking scam | ||
Details | Website | 2024-10-09 | 22 | APT 40 Advisory PRC MSS Tradecraft In Action Summary | ||
Details | Website | 2024-07-10 | 136 | FIN7: Silent Push unearths the largest group of FIN7 domains ever discovered. 4000+ IOFA domains and IPs found. Louvre, Meta, and Reuters targeted in massive global phishing and malware campaigns. - Silent Push | ||
Details | Website | 2022-08-17 | 100 | UNC3890 \| Suspected Iranian Threat Actor Targets Israel | ||
Details | Website | 2022-08-17 | 100 | Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors \| Mandiant | ||
Details | Website | 2021-02-03 | 34 | MTR casebook: Uncovering a backdoor implant in a SolarWinds Orion server | ||