Сlarity and Trust – We take pride in being the site where you can feel free to express your opinion and leave feedback. Whenever you click on the websites of products reviewed by us, we participate in the revenue sharing and get commissions that help us maintain our project. Read more about how we work.

Kaspersky Lab’s Amazon SES token was used for phishing

Now Reading
Kaspersky Lab’s Amazon SES token was used for phishing

Kaspersky Lab reported that its legitimate Amazon Simple Email Service (SES) token, previously issued to a third-party contractor, was used by cybercriminals as part of a phishing campaign aimed at Office 365 users.

Amazon SES is a scalable email service that allows developers to send emails from any application, including marketing and bulk mailing.

Experts associate these phishing attacks with several criminal groups that used two cornerstones of phishing for the attacks: Iamtheboss and MIRCBOOT.

This token was issued to a third party contractor during testing of the 2050.earth site. The site is also hosted on the Amazon infrastructure. After phishing attacks were detected, the SES token was immediately revoked. There were no signs of server hacking, unauthorized database access or any other malicious activity on 2050.earth and related services.the company said.

The attackers did not try to impersonate Kaspersky Lab, but disguised their messages as missed fax notifications, redirecting potential victims to phishing pages designed to collect their credentials.

Phishing page

In doing so, the criminals used the official mail of Kaspersky Lab and sent letters from the Amazon Web Services infrastructure, which probably helped them to bypass most of the Secure Email Gateway (SEG) protections.

These emails have different sender addresses, including but not limited to noreply@sm.kaspersky.com. The site is also hosted in Amazon infrastructure. Upon discovery of these phishing attacks, the SES token was immediately revoked. No server compromise, unauthorized database access or any other malicious activity was found at 2050.earth and associated services.Kaspersky Lab specialists warned.

Kaspersky Lab encourages users that were affected by these targeted phishing attacks to exercise caution and remain vigilant even when prompted for their credentials or other confidential information, even if messages requesting such information come from familiar brands or email addresses.

Let me remind you that I also talked about, that Kaspersky Password Manager generated weak passwords due to a bug.

What's your reaction?
Love It
Like It
Want It
Had It
Hated It
About The Author
Vladimir Krasnogolovy
Leave a response

Leave a Response