Fresh on the heels of its recent zero-day attack, Microsoft is now facing yet another security breach, this time in the form of phishing. In a detailed report published by Trend Micro, the security software company dives deep into the specifics of the attack dubbed “Operation Pawn Storm,” which targets particular organizations with economic and political undertones. The largest and best-known targets have included a United States military company named ACADEMI, an information technology company known as Science Applications International Corporation (SAIC), and the Organization for Security and Co-operation in Europe (OSCE), all of which were infiltrated using Microsoft’s Outlook Web Access.
This step-by-step action works largely because the JavaScript convinces users that their Outlook sessions have ended, thereby prompting them to reenter their login name and password. This, in turn, successfully conceals SEDNIT backdoor malware, which, once downloaded, notifies its command-and-control server before installing a keylogger and consequently stealing the aforementioned information. As a result, one’s entire mailbox is available to explore and exploit.
Furthermore, what makes these attacks particularly effective is that they function on any browser (Firefox, Safari, Chrome, Internet Explorer) and need no vulnerabilities for proper execution. They are especially tricky because companies often allow employees to access official mailboxes through third-party webmail services. The attacks, which Trend Micro maintains have been going on since 2007, should continue to exist in some form.