In March 2018, a domain, jobsfinder3eeonline, was registered, which hosted a web page that spoofed LinkedIn on a WordPress site. We correlate the owner of that domain with a low confidence level to the campaign we discuss in this blog. The old webpage hosted at jobsfinder3eeonline is shown in Figure 4.

Figure 4: An old web page that spoofed LinkedIn and used the name "Jobsfinder 3ee", which is similar to the current campaign.

All the Yandex-based email addresses that were used to exfiltrate the data using SMTP from the victim's machine, in this case, followed a specific pattern. The email addresses contained strings related to LinkedIn, such as "linkedinjob" or "linkedin.office". Also, the passwords for these email addresses were randomly generated, consisting of 16 lowercase characters.