Hackers have used a credential phishing attack to steal data from Office 365, Google Workspace, and Microsoft Exchange by spoofing an encrypted mail notification from Zix. According to Armorblox security researchers, the assault impacted around 75,000 users, with small groups of cross-departmental staff being targeted in each customer environment.
Social engineering, brand impersonation, replicating existing workflows, drive-by downloads, and accessing valid domains were among the methods employed by the hackers to obtain data. “Secure Zix message” emails were sent to victims. In the body of the email, there was a header that repeated the email subject and claimed the victim had received a secure communication from Zix, a security technology company that provides email encryption and data loss prevention services.