Threat actors have targeted both Microsoft Office 365 and Google Workspace in a new campaign that leverages a legitimate domain associated with a road-safety organization in Moscow to distribute messages. The attackers are spoofing voice message notifications from WhatsApp in the malicious phishing campaign. Their ultimate goal is to trick recipients into downloading information stealing malware, according to researchers at cloud email security firm Armorblox. Armorblox detected the campaign and later found that the messages were originating from a legitimate site belonging to the State Road Safety operations for Moscow, under the Ministry of Internal Affairs of the Russian Federation.
Armorblox released a blog post detailing the campaign on Tuesday, confirming that the attackers have delivered the malicious messages to over 27,000 mailboxes so far. Once received, the messages spoof WhatsApp by informing victims that they have a new private voicemail in the app. The message includes a link allowing them to play the message. Security researchers stated that the organizations targeted by the campaign pertain to the healthcare, education, and retail sectors.
Read More: Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info