Hackers made a mistake and Google indexed stolen credentials

Google indexed stolen credentials
Written by Emma Davis

Check Point and Otorio analysts discovered that an unnamed hack group accidentally left their catch in the public domain, and Google indexed the stolen credentials.

The[.dropcap] phishing campaign by an unnamed hack group has been active for over six months and uses dozens of domains that host phishing pages. These pages receive regular updates to make fraudulent Microsoft Office 365 sign-in requests appear as realistic as possible.

Despite its apparent simplicity, this campaign successfully bypassed many security filters, and as a result, hackers collected at least 1,000 logins and passwords from corporate Office 365 accounts.said Check Point and Otorio researchers.

The scheme was simple: hackers sent phishing emails to potential victims, allegedly from Xerox devices, which notified them of scanning an HTML document.

Google indexed stolen credentials

If to open such attachments, can be seen only a blurry image with a fake Microsoft Office 365 login form superimposed on it. Moreover, the username field is already filled in with the victim’s email address.

When a user fell for a scammer, JavaScript running in the background validated their credentials, sent the information to the hacker’s server, and then redirected the user to the real Office 365 sign-in page.

The cybercriminals got through only with the storage of stolen data. The fact is that hackers forwarded the collected information to domains specially registered for this task. However, the credentials were placed in a public file, which was eventually indexed by Google.

As a result, a search for stolen email addresses or passwords returned results as in the screenshot below.

Google indexed stolen credentials

It is also noted that the attackers hacked into WordPress servers, where they hosted malicious PHP pages for their victims.

Attackers usually prefer to use compromised servers instead of their own infrastructure because of the good reputation of existing sites.the researchers explain.

After examining about 500 records, the researchers determined that building companies, and enterprises in the energy and IT sectors were most often the victims of phishing attacks by this group.

Let me remind you that we also talked about the fact that Mimecast, an international cloud-based email management company for Microsoft Exchange and Microsoft Office 365, said hackers had stolen a digital certificate provided to customers to securely connect Microsoft 365 Exchange accounts to Mimecast services.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.