The attackers exploit CORS-Anywhere to enable prolonged access to targeted Microsoft email accounts.
The Russian state-sponsored advanced persistent threat operation Storm-2372 has used sophisticated dynamic device code phishing in cyber-attacks to compromise organisations globally.
According to research from SOCRadar, attackers targeted organisations in the government, defense, healthcare, finance, and technology sectors in the U.S., Canada, Germany, Ukraine, Australia, and the UK.
Storm-2372 distributed malicious messages with links redirecting to seemingly legitimate login pages that generate device codes, and exploited CORS-Anywhere to enable prolonged access to targeted Microsoft email accounts, reported Hackread. These messages also circumvented multi-factor authentication and other security systems.
SOCRadar researchers regarded the findings as indicative of increasingly advanced phishing tactics among threat actors, which require organisations to implement more robust cybersecurity defenses.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.