What is PerSwaysion Spear Phishing?


PerSwaysion is a cybercrime group that has been operating since mid-2019 and has breached the email accounts of high-ranking executives at more than 150 companies. Researchers discovered the campaign during an incident response and named it PerSwaysion because of the extensive abuse of the Sway service.

Microsoft Sway is a presentation program. It allows users who have a Microsoft account to combine text and media to create a presentable website.

Phishing attack sequence

  1. The victim receives a PDF file as an email attachment. If the user opens the file, it prompts them to click a link in order to display the file contents.
  2. The link redirects the victim to a Microsoft Sway page. A similar document asks the victim to click on another link.
  3. The last link redirects the victim to a webpage that resembles the Microsoft Outlook login page, where the credentials are collected.
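
A detection sketch for steps 2 and 3 of the sequence above, added here as an example and not taken from the advisory: it scans web-proxy events for a navigation from a Sway page to a non-Microsoft host, and raises confidence when a form POST to that host follows. The log field names, host lists, time window and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumptions (not from the advisory): the log field names, host lists and
# 10-minute window are illustrative and need tuning for your environment.
SWAY_HOSTS = {"sway.office.com"}
MS_SUFFIXES = (".microsoft.com", ".microsoftonline.com", ".office.com",
               ".office365.com", ".live.com")
WINDOW = timedelta(minutes=10)

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def is_microsoft(host):
    return any(host == s[1:] or host.endswith(s) for s in MS_SUFFIXES)

def find_sway_handoffs(events):
    """Flag Sway -> non-Microsoft navigation, noting any POST that follows."""
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        host, ref = host_of(ev["url"]), host_of(ev.get("referrer", ""))
        key = (ev["user"], host)
        if ref in SWAY_HOSTS and not is_microsoft(host):
            # Link on a Sway page led off Microsoft infrastructure.
            alerts.setdefault(key, {"user": ev["user"], "host": host,
                                    "first_seen": ev["ts"], "posted": False})
        elif (key in alerts and ev["method"] == "POST"
              and ev["ts"] - alerts[key]["first_seen"] <= WINDOW):
            # Form submission soon after: possible credential entry.
            alerts[key]["posted"] = True
    return list(alerts.values())

def _ev(ts, user, method, url, referrer=""):
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "user": user,
            "method": method, "url": url, "referrer": referrer}

# Constructed sample proxy events; example.net/example.org are placeholders.
SWAY = "https://sway.office.com/constructed-page"
SAMPLE = [
    _ev("2020-05-04 09:00:05", "alice", "GET", SWAY),
    _ev("2020-05-04 09:00:40", "alice", "GET", "https://login.example.net/owa/", SWAY),
    _ev("2020-05-04 09:01:10", "alice", "POST", "https://login.example.net/owa/auth",
        "https://login.example.net/owa/"),
    _ev("2020-05-04 10:00:00", "bob", "GET", "https://login.microsoftonline.com/", SWAY),
    _ev("2020-05-04 11:00:00", "carol", "GET", "https://docs.example.org/report", SWAY),
]

if __name__ == "__main__":
    for a in find_sway_handoffs(SAMPLE):
        print(a["user"], a["host"], "POST seen" if a["posted"] else "visit only")
```

A visit-only hit (carol in the sample) is low confidence, since legitimate Sway pages also link to external sites; the follow-up POST is what makes the alice case worth triaging first.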

Recommendations

• Avoid handling files from non-trusted sources.
• Provide phishing awareness training to your employees and contractors.
• Keep anti-malware solutions at the endpoint and network level updated at all times.
• Block IOCs mentioned in this advisory.

Reference

Group-IB's webpage on PerSwaysion
