At least 20,000 users across various European companies have received phishing emails containing attached DocuSign-enabled PDF files or links to fake online forms. The hackers are after Microsoft accounts.
Palo Alto Networks’ cyber threats intelligence team Unit 42 is warning that a threat actor successfully compromised multiple victims in different companies.
The attackers are mostly targeting European companies, including German and UK automakers and chemical and industrial compound manufacturing organizations.
Cybernews previously reported that hackers were using DocuSign phishing links that appeared highly authentic, and bypassed security solutions.
A new investigation by Unit 42 reveals that threat actors abuse legitimate services to chain redirections until the victim reaches the final credential harvesting infrastructure.
More Info