Microsoft warns of an evasive year-long spear-phishing campaign targeting Office 365 users

From securityaffairs.co

Microsoft revealed that a year-long spear-phishing campaign has targeted Office 365 customers in multiple attacks starting in July 2020.

The attackers used invoice-themed XLS.HTML attachments. Microsoft reported that they changed obfuscation and encryption mechanisms every 37 days on average, which demonstrates the threat actors’ high motivation and their ability to constantly evade detection.

“The HTML attachment is divided into several segments, including the JavaScript files used to steal passwords, which are then encoded using various mechanisms. These attackers moved from using plaintext HTML code to employing multiple encoding techniques, including old and unusual encryption methods like Morse code, to hide these attack segments,” reads the report published by the Microsoft 365 Defender Threat Intelligence Team. “Some of these code segments are not even present in the attachment itself. Instead, they reside in various open directories and are called by encoded scripts.”
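
As an added example (not code from Microsoft's report or from the original article), here is a minimal triage check for the two traits described above: the spreadsheet-plus-HTML double extension and Morse-encoded segments inside the attachment. The Morse layout (dot/dash tokens separated by single spaces), the function names, the file name and the sample body are assumptions made for illustration, and the extension check generalizes XLS.HTML to XLSX and .htm variants.

```python
import re

# International Morse code for letters and digits.
MORSE = {
    ".-": "a", "-...": "b", "-.-.": "c", "-..": "d", ".": "e", "..-.": "f",
    "--.": "g", "....": "h", "..": "i", ".---": "j", "-.-": "k", ".-..": "l",
    "--": "m", "-.": "n", "---": "o", ".--.": "p", "--.-": "q", ".-.": "r",
    "...": "s", "-": "t", "..-": "u", "...-": "v", ".--": "w", "-..-": "x",
    "-.--": "y", "--..": "z", "-----": "0", ".----": "1", "..---": "2",
    "...--": "3", "....-": "4", ".....": "5", "-....": "6", "--...": "7",
    "---..": "8", "----.": "9",
}

# Assumption: segments are '.'/'-' tokens separated by single spaces; the page
# does not give the exact layout the campaign used. At least 8 tokens are
# required so that ordinary ellipses and dashes in text do not match.
MORSE_RUN = re.compile(r"(?<![.\-])(?:[.\-]{1,5} ){7,}[.\-]{1,5}(?![.\-])")
# Generalization: any spreadsheet extension followed by .htm/.html.
DOUBLE_EXT = re.compile(r"\.xlsx?\.html?$", re.IGNORECASE)

# Constructed sample, inert: the run decodes to the word "sampledata".
SAMPLE_BODY = (
    '<html><script>var seg = "... .- -- .--. .-.. . -.. .- - .-";'
    "</script></html>"
)


def decode_run(run):
    """Decode one space-separated Morse run; unknown tokens become '?'."""
    return "".join(MORSE.get(tok, "?") for tok in run.split(" "))


def triage_attachment(filename, body):
    """Score one attachment on two signals: double extension and Morse runs."""
    double_ext = bool(DOUBLE_EXT.search(filename))
    decoded = [decode_run(m.group(0)) for m in MORSE_RUN.finditer(body)]
    signals = int(double_ext) + int(bool(decoded))
    verdict = ("none", "review", "high")[signals]
    return {"double_extension": double_ext, "decoded": decoded, "verdict": verdict}


if __name__ == "__main__":
    print(triage_attachment("invoice_0001.xls.HTML", SAMPLE_BODY))
```

The decoded strings are returned so an analyst can read what a segment hides without rendering the attachment in a browser.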
