On Tuesday, Microsoft’s security researchers published a report detailing a massive phishing-as-a-service campaign known as BulletProofLink. Phishing-as-a-Service offerings, or phishing kits, arm even the most novice threat actors with sophisticated platforms to launch widespread phishing campaigns with little more than a computer and a few hundred dollars. Researchers at Microsoft discovered this operation while investigating a separate phishing operation. They noted that the “interesting aspect of the campaign that drew our attention was its use of a technique we call ‘infinite subdomain abuse’, which…allows attackers to use a unique URL for each recipient while only having to purchase or compromise one domain for weeks on end.” Access Microsoft for the complete analysis or read an overview at TheRecord.
You are here
Related Resources
Jun 28, 2024 in Cybersecurity, in OT-ICS Security, in Security Preparedness
Jun 27, 2024 in Cybersecurity, in Security Preparedness
Jun 27, 2024 in Cybersecurity, in OT-ICS Security, in Security Preparedness