Phishing Actor Using XOR Obfuscation Graduates to Enterprise Cloud Storage on AWS
released on 2019-08-09 @ 03:43:23 PM
Proofpoint researchers observed a phishing campaign in late July that continues as of this writing (with certain aspects that were active many months prior), that appears to target specific individuals at a variety of organizations using the branding and email transaction format of DocuSign. The campaign landing pages are hosted at Amazon public cloud storage (S3) which is a fairly uncommon practice among phishing actors monitored by Proofpoint.