Attackers carry out phishing attacks using ‘Multi-persona Impersonation’

According to Proofpoint’s researchers, attackers are now using a “multi-persona impersonation” (MPI) phishing technique to make victims believe they are part of a realistic email conversation. For the MPI phishing technique, attackers use multiple personas and email accounts.

The phishing technique is used by the Iranian threat group TA453. It is cumbersome and requires a great deal of effort from the attackers, because each target must be drawn into a sophisticated, realistic conversation conducted by fake personas, or sock puppets.

The technique is valuable, however, because it creates a realistic exchange of e-mails that makes the conversation seem legitimate.

After analyzing various case scenarios in which the technique was used, the researchers discovered that the attackers used personal email addresses from Gmail, Outlook, AOL, and Hotmail for both senders and CCed persons instead of addresses from the fake institutions.
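The observation above can be turned into a mail triage heuristic; the following is an added example, not code from Proofpoint or the original article, that flags inbound messages whose sender and at least one CCed address are both external freemail accounts. The function names, the domain list and the sample messages are constructed assumptions, and a match is a prompt for review rather than attribution to TA453.

```python
from email import message_from_string
from email.utils import getaddresses

# Providers named in the article, as domains (assumed list; extend locally).
FREEMAIL = {"gmail.com", "outlook.com", "aol.com", "hotmail.com"}

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def freemail_personas(raw, org_domain):
    """Return external freemail addresses found in From and Cc."""
    msg = message_from_string(raw)
    found = {}
    for header in ("From", "Cc"):
        addrs = [a.lower() for _, a in getaddresses(msg.get_all(header, []))]
        found[header.lower()] = [
            a for a in addrs
            if "@" in a and _domain(a) != org_domain.lower()
            and _domain(a) in FREEMAIL
        ]
    return found

def looks_like_mpi(raw, org_domain):
    """True when a freemail sender copies another external freemail address."""
    p = freemail_personas(raw, org_domain)
    return bool(p["from"]) and bool(set(p["cc"]) - set(p["from"]))

# Constructed sample messages (headers only, not real traffic).
MULTI = """\
From: "Dr A Example" <a.example.research@gmail.com>
To: target@example.org
Cc: "B Sample" <b.sample@outlook.com>, "C Demo" <c.demo@aol.com>
Subject: Invitation to contribute
"""
SINGLE = """\
From: friend@hotmail.com
To: target@example.org
Subject: Lunch
"""
INSTITUTIONAL = """\
From: "Dr A Example" <a.example@institute.example>
To: target@example.org
Cc: b.sample@institute.example
"""

if __name__ == "__main__":
    for name, raw in (("MULTI", MULTI), ("SINGLE", SINGLE), ("INSTITUTIONAL", INSTITUTIONAL)):
        print(name, looks_like_mpi(raw, "example.org"))
```

On its own this rule will also match ordinary personal mail with several freemail participants, so it works best combined with other signals such as first-time senders or links to file-sharing services.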

The documents that victims were tricked into downloading via OneDrive links in TA453’s malicious campaign are password-protected files that perform template injection.

“The downloaded template, dubbed Korg by Proofpoint, has three macros: Module1.bas, Module2.bas, and ThisDocument.cls. The macros collect information such as username, list of running processes along with the user’s public IP from and then exfiltrates that information using the Telegram API,” the report explains.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff