Trusted Brands Phishing Scam Targets Cybersecurity Firm with Cisco and JP Morgan Bait
Cybercriminals Use Sophisticated Phishing Operation to Evade Security Measures
Cybercriminals have devised a sophisticated phishing operation that exploits the trust associated with well-known global brands to evade traditional security measures.
Seven-Stage Phishing Campaign Targets Top Executive of Outpost24
A recent example of this tactic was observed in a seven-stage phishing campaign aimed at a top executive of Sweden-based cybersecurity firm Outpost24. The company’s threat intelligence team successfully detected the attack, preventing a potentially devastating breach.
Phishing-as-a-Service Toolkit “Kratos” Used in the Attack
The campaign, which is believed to have utilized a phishing-as-a-service toolkit known as “Kratos,” leveraged the credibility and infrastructure of trusted platforms such as Cisco, JP Morgan, and Microsoft to construct a multi-layered attack chain.
Attack Chain Involves Multiple Legitimate Platforms
The initial stage of the attack involved a convincing email disguised as an official communication from JP Morgan, which was presented as part of an ongoing thread to avoid raising suspicion. The message contained a “Review Document” link that, when clicked, passed through Cisco’s secure web infrastructure, making it appear legitimate to security systems.
According to renowned cybercrime expert Prof. Triveni Singh, such attacks are increasingly exploiting human psychology. “Cybercriminals are now leveraging social engineering to weaponize trust. When users see names like Cisco or JP Morgan, they tend to lower their guard. That trust is now the biggest vulnerability,” he warned.
Experts Warn of “Link Laundering” Technique
Experts pointed out that the attackers effectively “laundered” their malicious links through multiple legitimate platforms, making them appear clean at each stage. This technique, often referred to as “link laundering,” helps bypass individual security checkpoints.
Recommendations to Defend Against Advanced Threats
To defend against such advanced threats, experts recommend that organizations adopt a zero-trust security model, enforce multi-factor authentication, and conduct regular cybersecurity awareness training for employees. Additionally, users should verify the authenticity of links before clicking, avoid suspicious emails, and report any incidents to their IT departments.
Note that I’ve wrapped the content in a `
About Author
English