The Metabase Q Security Operations Center recently reported on a campaign that leverages anti-detection techniques to slip past antivirus software and IT professionals. The campaign used anti-detection techniques, including fake certificates, to get its initial payload past endpoint detection and response (EDR) security tools that would otherwise block it. Upon noticing the attack, Metabase Q's Threat Intelligence Team conducted additional investigations and identified 20 different spam campaigns targeting countries in South America and elsewhere, including Chile, Mexico, Peru, and Portugal.
The threat actors targeted entities in online banking, education, government services, social media, gaming, e-commerce, public repositories, and Outlook email. Metabase reported that the cybercriminals created fake webpages to lure victims into opening different types of fake bills. The campaigns reportedly started in August of last year and are still active. Metabase Q stated that the campaign was responsible for over 90,000 stolen credentials originating from over 17,000 unique websites. The stolen credentials and websites pertained to individuals working in all industry sectors. Metabase also reported that the estimated total impact of the campaigns is expected to be substantially larger.
Read More: Inside Mispadu massive infection campaign in LATAM